D-Link Forums

The Graveyard - Products No Longer Supported => Routers => DIR-880L => Topic started by: AdrianG on July 11, 2017, 03:03:56 PM

Title: Private DNS server being blocked by DNS rebind protection
Post by: AdrianG on July 11, 2017, 03:03:56 PM
My DIR-655 stopped working this weekend. I purchased a DIR-880L. As it was configured on the DIR655 I configured the DIR-880L DNS address one to be the private DNS server and second DNS address a public DNS server and disabled DNS relay. This configuration worked on the DIR-655. It does not seem to work on the DIR-880L. Searching around it seems that a security feature called DNS rebind protection is preventing any connected devices from using a private DNS server on the internal network. Is there any way to disable this feature? or even more securely is there any way to mark the private DNS server as safe?
Title: Re: Private DNS server being blocked by DNS rebind protection
Post by: FurryNutz on July 11, 2017, 04:35:04 PM
Link>Welcome! (http://forums.dlink.com/index.php?topic=48135.0)


How do you have the 655 configured? Using Virtual Server?

It's possible that this feature is a security feature and using a private DNS server on the LAN side may not be supported on newer generation routers.

I'll get some more information on this...
Title: Re: Private DNS server being blocked by DNS rebind protection
Post by: FurryNutz on July 12, 2017, 09:02:12 AM
What happens if you enable DNS Relay with this configuration? D-Link says DNS Relay maybe needed...

Are you clients using Static addressing or static DNS addressing?
Title: Re: Private DNS server being blocked by DNS rebind protection
Post by: AdrianG on July 14, 2017, 07:04:42 PM
Hardware version: A2
Current Firmware Version:   1.07WW, Fri 26 Feb 2016
Current Firmware Date:   2016-02-26 19:34:00

I will try the DNS relay this weekend...

Thanks
Title: Re: Private DNS server being blocked by DNS rebind protection
Post by: AdrianG on July 15, 2017, 06:35:39 AM
Enabling DNS Relay did not work. More information when the private DNS server IP address is assigned as a DNS server in the Internet configuration on the D-Link router when you run the command "nslookup somehostname x.x.x.x" where x.x.x.x is the ip address of the private DNS server you get:

DNS request timed out.
    timeout was 2 seconds.
Title: Re: Private DNS server being blocked by DNS rebind protection
Post by: FurryNutz on July 15, 2017, 12:12:44 PM
I'll see if I can get some more info on this.

You can load up v1.08 and see if any changes...
Title: Re: Private DNS server being blocked by DNS rebind protection
Post by: AdrianG on July 18, 2017, 08:25:27 AM
Thanks. For now I am working around this issue by using a DHCP server and disabling DHCP on the router.
Title: Re: Private DNS server being blocked by DNS rebind protection
Post by: FurryNutz on July 18, 2017, 08:34:41 AM
This maybe a issue in FW, either security related or something not supported in newer generation routers...something you might contact D-Link support and ask about at some point.

Good Luck.