Local IP addresses stripped from DNS response by some home routers #7

samgiles opened this issue Apr 4, 2016 · 4 comments

@samgiles
Contributor

samgiles commented Apr 4, 2016

The names created in this server fail to resolve with the DNS server supplied in the DHCPACK from the BT Home Hub 5:

Successful resolution bypassing the DHCP-supplied DNS server:

$ nslookup local.006c824eb59a3422e543d708d2d0a2e576f896b4.box.knilxof.org 8.8.8.8
Server:     8.8.8.8
Address:    8.8.8.8#53

Non-authoritative answer:
Name:   local.006c824eb59a3422e543d708d2d0a2e576f896b4.box.knilxof.org
Address: 192.168.1.67

Fails using the DNS server response from the router configured via DHCP:

$ nslookup local.006c824eb59a3422e543d708d2d0a2e576f896b4.box.knilxof.org
Server:     192.168.1.254
Address:    192.168.1.254#53

Non-authoritative answer:
*** Can't find local.006c824eb59a3422e543d708d2d0a2e576f896b4.box.knilxof.org: No answer

Routers known to prevent DNS rebinding attacks by stripping local IPs from responses:

  • BT Home Hub 5
@michielbdejong
Contributor

Interesting! It works correctly from my coworking space. We should debug as follows:

Your-Laptop:~ You$ ssh [email protected]
ubuntu@ip-172-31-32-55:~$ sudo su
root@ip-172-31-32-55:/home/ubuntu# pm2 logs index

That will stream logs, so you can see what's going on while doing the query. Ping me on IRC if you want to pair on this!

@samgiles
Contributor Author

samgiles commented Apr 5, 2016

The request doesn't even get to our server :/. I looked yesterday briefly before changing my DNS settings to 8.8.8.8 so I wasn't blocked. I'll do some more debugging when I'm at home next. Incidentally, it works with xip.io.

@samgiles
Contributor Author

Ok, thanks to @aosmond for spotting this.

This is because local IP addresses are being stripped out of public DNS responses by some home routers to prevent DNS rebinding attacks.
The only workaround here is to change the DNS settings of the device you use to access the box.

@samgiles changed the title from "Fails to resolve with a BT Home Hub 5" to "Local IP addresses stripped from DNS response by some home routers" on May 11, 2016
@michielbdejong
Contributor

Ouch, that's a problem. It means putting local IP addresses into a public DNS zone will not work for all users. Maybe we can ask plex.tv tech support what their experience is with this in practice. The 'DNS Rebinding' section on https://support.plex.tv/hc/en-us/articles/204604227-Why-can-t-the-Plex-app-find-or-connect-to-my-Plex-Media-Server- seems like it may be related. @samgiles can you try if the instructions from that section solve the problem for your router (replacing 'plex.direct' with 'knilxof.org', of course)?
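
The symptom diagnosed in this thread can be checked mechanically. The following is an added example, not part of the original thread or the project's code: it parses the two nslookup sessions quoted in the first comment (Unix-style nslookup output assumed) and reports when only local addresses are missing from the DHCP-supplied resolver's answer. The function names, result labels and the set of ranges treated as local are assumptions.

```python
import ipaddress
import re

# Constructed sample input: the two nslookup sessions quoted in this issue.
PUBLIC_RESOLVER_OUTPUT = """\
Server:     8.8.8.8
Address:    8.8.8.8#53

Non-authoritative answer:
Name:   local.006c824eb59a3422e543d708d2d0a2e576f896b4.box.knilxof.org
Address: 192.168.1.67
"""

ROUTER_RESOLVER_OUTPUT = """\
Server:     192.168.1.254
Address:    192.168.1.254#53

Non-authoritative answer:
*** Can't find local.006c824eb59a3422e543d708d2d0a2e576f896b4.box.knilxof.org: No answer
"""

def answers(nslookup_output):
    """Answer addresses only; the 'Address: <server>#53' line is the resolver."""
    found = []
    for line in nslookup_output.splitlines():
        m = re.match(r"Address:\s*(\S+)$", line.strip())
        if m and "#" not in m.group(1):
            try:
                found.append(ipaddress.ip_address(m.group(1)))
            except ValueError:
                pass  # not an IP literal; ignore the line
    return found

def is_local(addr):
    # Assumption: private, loopback and link-local ranges; vendors' lists vary.
    return addr.is_private or addr.is_loopback or addr.is_link_local

def diagnose(reference_output, dhcp_resolver_output):
    """Compare a reference resolver's answer with the DHCP-supplied one."""
    ref, got = answers(reference_output), answers(dhcp_resolver_output)
    if not ref:
        return "name-not-published"   # reference has no answer; nothing to strip
    missing = [a for a in ref if a not in got]
    if not missing:
        return "ok"
    if all(is_local(a) for a in missing):
        return "rebind-filtered"      # only local answers went missing
    return "resolver-mismatch"        # public answers differ: some other cause
```

A "rebind-filtered" result matches the behaviour reported for the BT Home Hub 5 above, where the workaround is to change the client's DNS settings.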
