Michal Čihař - OpenWRT and resolving private ranges

OpenWRT and resolving private ranges

For quite a long time, I have had a problem that DNS on my OpenWRT box does not resolve the local range on the wan interface. Today I learned that it does this in order to protect me:

dnsmasq[15709]: possible DNS-rebind attack detected: jmnet.czf

But hey, my wan interface has a 10.* address and I want to resolve 10.* domains there!

A little bit of googling revealed that this is caused by --stop-dns-rebind passed to dnsmasq. Okay, the easiest fix is to disable it. You need to change /etc/config/dhcp:

config 'dnsmasq'
        option 'rebind_protection' '0'

After reading the source of /etc/init.d/dnsmasq, I realized there is also a way to whitelist some domains, which sounds like a slightly better idea. After fighting with the syntax, I found the solution to be (again in /etc/config/dhcp):

config 'dnsmasq'
        list 'rebind_domain' '/czf/'
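
Before choosing between the two settings, it helps to see which blocked names a whitelist entry would actually cover. The following is an added example, not part of the original post: it scans dnsmasq log lines for the rebind message quoted above and splits the names by whether a rebind_domain entry exempts them. The sample log lines other than jmnet.czf are constructed, and the label-boundary suffix match is an assumption modelling how dnsmasq applies the domain exemption.

```python
import re
from collections import Counter

# Message format taken from the log line quoted in the post.
REBIND_RE = re.compile(r"dnsmasq\[\d+\]: possible DNS-rebind attack detected: (\S+)")

def parse_rebind_domain(entry):
    """Split a rebind_domain value such as '/czf/' or '/czf/lan/' into domain names."""
    return [d.lower().rstrip(".") for d in entry.split("/") if d]

def is_exempt(name, domains):
    """True if name is a whitelisted domain or a subdomain of one.
    Assumption: matching happens on label boundaries, so 'notczf' is not in 'czf'."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in domains)

def summarize(log_lines, rebind_entries):
    """Count blocked names; return (covered by whitelist, still blocked)."""
    domains = [d for e in rebind_entries for d in parse_rebind_domain(e)]
    hits = Counter()
    for line in log_lines:
        match = REBIND_RE.search(line)
        if match:
            hits[match.group(1)] += 1
    covered = {n: c for n, c in hits.items() if is_exempt(n, domains)}
    remaining = {n: c for n, c in hits.items() if n not in covered}
    return covered, remaining

# Constructed sample log (only jmnet.czf appears in the post).
SAMPLE_LOG = [
    "dnsmasq[15709]: possible DNS-rebind attack detected: jmnet.czf",
    "dnsmasq[15709]: possible DNS-rebind attack detected: jmnet.czf",
    "dnsmasq[15709]: possible DNS-rebind attack detected: tracker.example.net",
    "dnsmasq[15709]: possible DNS-rebind attack detected: notczf",
    "dnsmasq[15709]: query[A] jmnet.czf from 192.168.1.10",
]

if __name__ == "__main__":
    covered, remaining = summarize(SAMPLE_LOG, ["/czf/"])
    print("covered by whitelist:", covered)
    print("still blocked:", remaining)
```

Names left in the "still blocked" set are the ones that would start resolving to private addresses only if rebind_protection were switched off entirely.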

The next thing to explore is why native IPv6 is not working for me on the router, though it should...
