GL-AR750 NextDNS stop working with DNS Rebinding Attack Protection ON

I am having trouble using NextDNS with my GL-AR750 (latest 3.105 version). Everything works fine for a day or two, then suddenly I lost connection on every device: opening a browser tab give me a DNS_PROBE_FINISHED_NXDOMAIN error. Looking at System log, there’s no unusal messages but I have an INSANE amount of possible DNS rebinding attacks when using NEXTDNS. Turning OFF DNS Rebinding Attack Protection on GL UI make my connection works again.
Currently I am testing with DNS Rebinding Attack Protection OFF on the router and ON on NEXTDNS settings to see if the problem rise again… Anyway it seems to me that using NEXTDNS is quite unreliable at the moment…

Noticed the same problem. Seeking a way to solve.

2 Likes

Same here, didn’t find a solution for now.

I have the same crazy number of logs
Thu Jan 7 10:28:03 2021 daemon.warn dnsmasq[3494]: possible DNS-rebind attack detected: **URL**

NextDNS stop working after ~6h, sometimes even faster (I experienced it after only 1h).
Set DNS Rebinding Protection to OFF didn’t work for me.

Note: I already had the same problem with the previous firmware update (3.104 w/ Stubby setup).

In a previous post from @MRizkBV said it was from the use of Stubby?

At the moment I am using NextDNS with IP association (so no DNS over TLS) in conjuction with wireguard (and VPN policies): this way everything seems to work just fine, I am using without problems since 5 days: system log is still full of rebinding attack messages but I don’t lose connection this way.

Anyway, one of the first time I noticed this problem, I had some messages regarding Stubby and 127.0.0.1@53535 listen adress. Unfortunately I rebooted the device without saving them first. I will test again and post them if they reappears.

Yeah I it surely is a good temporary solution for home user but doesn’t work for a travel user.

At the moment I’m only using my VPN solution but a bit unhappy because I love my NextDNS blocklists.

Well, I don’t know what are your needs, but you can, for example, use your glddns address to dinamically associate a different IP to NextDNS so you can always change connection and IP but always use your NextDNS profile with the same dns setting.