GL-AR750 NextDNS stops working with DNS Rebinding Attack Protection ON

I am having trouble using NextDNS with my GL-AR750 (latest 3.105 version). Everything works fine for a day or two, then suddenly I lose connection on every device: opening a browser tab gives me a DNS_PROBE_FINISHED_NXDOMAIN error. Looking at the System log, there are no unusual messages, but I have an INSANE amount of possible DNS rebinding attacks when using NextDNS. Turning OFF DNS Rebinding Attack Protection in the GL UI makes my connection work again.
Currently I am testing with DNS Rebinding Attack Protection OFF on the router and ON in the NextDNS settings to see if the problem arises again… Anyway, it seems to me that using NextDNS is quite unreliable at the moment…

Noticed the same problem. Seeking a way to solve.

Same here, didn’t find a solution for now.

I have the same crazy number of logs:
Thu Jan 7 10:28:03 2021 daemon.warn dnsmasq[3494]: possible DNS-rebind attack detected: **URL**

NextDNS stops working after ~6h, sometimes even faster (I experienced it after only 1h).
Setting DNS Rebinding Protection to OFF didn’t work for me.

Note: I already had the same problem with the previous firmware update (3.104 w/ Stubby setup).

A previous post from @MRizkBV said it was from the use of Stubby?

At the moment I am using NextDNS with IP association (so no DNS over TLS) in conjunction with WireGuard (and VPN policies): this way everything seems to work just fine. I have been using it without problems for 5 days: the system log is still full of rebinding attack messages, but I don’t lose connection this way.

Anyway, one of the first times I noticed this problem, I had some messages regarding Stubby and the 127.0.0.1@53535 listen address. Unfortunately I rebooted the device without saving them first. I will test again and post them if they reappear.

Yeah, it surely is a good temporary solution for a home user, but it doesn’t work for a travel user.

At the moment I’m only using my VPN solution but a bit unhappy because I love my NextDNS blocklists.

Well, I don’t know what your needs are, but you can, for example, use your glddns address to dynamically associate a different IP to NextDNS, so you can always change connection and IP but always use your NextDNS profile with the same DNS setting.

After A LOT of testing, I can safely say that this can happen either with DNS rebinding attack protection ON or OFF (happens more with ON). If rebinding protection is OFF, it generally performs better but it can happen that only some devices connected to the router are affected while others can surf normally even for weeks (this is weird).
Anyway, out of curiosity I tried firmware 3.200 and it seems that this issue is not present on OpenWrt 19.07 (and a lot of other little issues I am having as well).
Please, GL.iNet, hurry up with the new firmware! ;)

Hope this solves the issue. Let’s see.

Sadly the problem is still present in 3.201 on GL-MT300N-V2, while on GL-AR750 everything seems fine (running for 10 days straight with a lot of devices connected and no problem).
However, the behaviour is a little different on Mango: it doesn’t stop resolving all websites, but only some specific ones… No messages in the system log, as always, and disabling/enabling DNS rebinding attack protection makes everything work again… for a while.