[pfSense] DNS Rebind
Jason T. Slack-Moehrle
slackmoehrle at gmail.com
Wed Feb 29 19:26:06 EST 2012
am I blind in seeing where I would create DNS entries on the pfSense box to run it as a DNS Server?
--
Jason T. Slack-Moehrle
On Wednesday, February 29, 2012 at 4:02 PM, Jason T. Slack-Moehrle wrote:
> One of the sites is 6colors.net (http://6colors.net), another one would be jasonandannette.us (http://jasonandannette.us)
>
> My wife says they work from her job.
>
> Can you explain to me how one does split-DNS?
>
> --
> Jason T. Slack-Moehrle
>
>
> On Wednesday, February 29, 2012 at 3:49 PM, Yehuda Katz wrote:
>
> > On Wed, Feb 29, 2012 at 6:14 PM, Jason T. Slack-Moehrle <slackmoehrle at gmail.com (mailto:slackmoehrle at gmail.com)> wrote:
> > > When I plug my laptop into the LAN and try and hit one of the websites I host I get forwarded the pfsense admin URL but get an error that states:
> > >
> > > Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding
> > > Try accessing the router by IP address instead of by hostname.
> > >
> > >
> > > This happens to a few of the sites, but it doesn't seem to happen to all of them that are hosted on that box.
> > >
> > >
> > > Can anyone help me to understand what is happening and how to fix it?
> >
> > When you are somewhere else, do the websites work properly?
> >
> > Usually pfSense does not support accessing a public IP that is on the pfSense WAN. In order for that to work you need to have NAT-reflection enabled.
> > We have never been able to get NAT reflection working on our network, so we just set up split-DNS (that you have different DNS for those sites your LAN), so the clients on the LAN do not know about the 1-1 NAT on the pfSense.
> >
> > - Y
> > _______________________________________________
> > List mailing list
> > List at lists.pfsense.org (mailto:List at lists.pfsense.org)
> > http://lists.pfsense.org/mailman/listinfo/list
>
More information about the List
mailing list