I have had a problem since I started using a new router (TP-Link WDR4300 + OpenWRT BarrierBreaker): the System log is periodically full of this:
<Timestamp> dnsmasq[2524]: possible DNS-rebind attack detected: 4385410-0-3084195388-824858262.ns.183-213-22-60-ns.dns-spider.ffdns.net
I use my ISP's DNS (Telekom Hungary, IPv4 DNS), but I've tried Google's too (8.8.8.8 and 8.8.4.4), and the issue is still there.
I can reach my router from WAN (via DDNS (duckdns)); might it be possible that this is the source of my problem?
I've tried to search for DNS-rebind attack and the like in OpenWRT topics, but sadly I couldn't find anything useful there.
Is there any workaround to prevent those bots from rebinding?
Best Answer
It looks like dnsmasq is reachable from the internet. This allows DNS scanners to attempt rebind attacks. Check your firewall configuration. This particular server appears to be a research server, although I would expect only a few attempts from such a server.
Generally you want a mostly closed configuration on the internet interface with only the services you need enabled. DNS is usually not one of the services you want to enable.