GL-MT300N-v2-615 blocks paypal.com if DNS Rebinding Attack Prevention is ON

Router has been flawless since purchase 4 months ago. Internet access via mobile hotspot and all clients connected via wifi. A few days ago I started getting ‘Server not found’ every time I attempted to access paypal. Same problem for all devices connected to MT300N. Cannot even ping paypal through the router (“Ping request could not find host paypal.com”). Able to connect to paypal OK when connected direct to phone hotspot.
Factory reset MT300N, no change. Started experimenting with settings on MT300N, I found that if I turn off DNS Rebinding Attack Prevention everything is OK, turn it back ON and no access to paypal! I have not noticed any other domain name with the same problem.
Any Ideas?

Except for “DNS rebind attack protection”, did you set up nextdns, dns proxies or other custom dns?

Can you please go to the router and get the log?

You can ssh to the router and use logread to get the log.
Or you can go to luci and get the log in status->system log.

Thanks for response.
Only DNS rebind attack protection ON/OFF changed. All other settings are at factory reset. With DNS rebind attack protection turned ON I have attempted to access and ping paypal (Server not found), then turned it OFF and tried again (access OK), then ON again, tried paypal again, and saved the log. It seems that new users cannot upload attachments!
I tried to paste the relevant lines here but only 2 links allowed!
So here are the lines from only the last part of the log.
Cheers.

Tue Nov 24 10:30:56 2020 daemon.info dnsmasq[4783]: exiting on receipt of SIGTERM
Tue Nov 24 10:30:56 2020 user.notice dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
Tue Nov 24 10:30:56 2020 user.notice dnsmasq: Allowing 127.0.0.0/8 responses
Tue Nov 24 10:30:57 2020 daemon.info dnsmasq[5123]: started, version 2.80test2 cachesize 150
Tue Nov 24 10:30:57 2020 daemon.info dnsmasq[5123]: DNS service limited to local subnets
Tue Nov 24 10:30:57 2020 daemon.info dnsmasq[5123]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC no-ID loop-detect inotify dumpfile
Tue Nov 24 10:30:57 2020 daemon.info dnsmasq-dhcp[5123]: DHCP, IP range 192.168.8.100 -- 192.168.8.249, lease time 12h
Tue Nov 24 10:30:57 2020 daemon.info dnsmasq[5123]: using local addresses only for domain test
Tue Nov 24 10:30:57 2020 daemon.info dnsmasq[5123]: using local addresses only for domain onion
Tue Nov 24 10:30:57 2020 daemon.info dnsmasq[5123]: using local addresses only for domain localhost
Tue Nov 24 10:30:57 2020 daemon.info dnsmasq[5123]: using local addresses only for domain local
Tue Nov 24 10:30:57 2020 daemon.info dnsmasq[5123]: using local addresses only for domain invalid
Tue Nov 24 10:30:57 2020 daemon.info dnsmasq[5123]: using local addresses only for domain bind
Tue Nov 24 10:30:57 2020 daemon.info dnsmasq[5123]: using local addresses only for domain lan
Tue Nov 24 10:30:57 2020 daemon.info dnsmasq[5123]: reading /tmp/resolv.conf.auto
Tue Nov 24 10:30:57 2020 daemon.info dnsmasq[5123]: using local addresses only for domain test
Tue Nov 24 10:30:57 2020 daemon.info dnsmasq[5123]: using local addresses only for domain onion
Tue Nov 24 10:30:57 2020 daemon.info dnsmasq[5123]: using local addresses only for domain localhost
Tue Nov 24 10:30:57 2020 daemon.info dnsmasq[5123]: using local addresses only for domain local
Tue Nov 24 10:30:57 2020 daemon.info dnsmasq[5123]: using local addresses only for domain invalid
Tue Nov 24 10:30:57 2020 daemon.info dnsmasq[5123]: using local addresses only for domain bind
Tue Nov 24 10:30:57 2020 daemon.info dnsmasq[5123]: using local addresses only for domain lan
Tue Nov 24 10:30:57 2020 daemon.info dnsmasq[5123]: using nameserver 192.168.43.131#53
Tue Nov 24 10:30:57 2020 daemon.info dnsmasq[5123]: read /etc/hosts - 4 addresses
Tue Nov 24 10:30:57 2020 daemon.info dnsmasq[5123]: read /tmp/hosts/dhcp.cfg01411c - 3 addresses
Tue Nov 24 10:30:57 2020 daemon.info dnsmasq-dhcp[5123]: read /etc/ethers - 0 addresses
Tue Nov 24 10:31:43 2020 daemon.warn dnsmasq[5123]: possible DNS-rebind attack detected: www.paypal.com
Tue Nov 24 10:31:43 2020 daemon.warn dnsmasq[5123]: possible DNS-rebind attack detected: www.paypalobjects.com
Powered by LuCI openwrt-18.06 branch (git-18.196.56128-9112198) / OpenWrt 18.06.1 r7258-5eb055306f
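
A triage helper for the log above, added here as an example (not part of the original posts and not GL.iNet or dnsmasq code): `rebind_summary` lists which names dnsmasq rejected and which upstream resolver it was forwarding to, and `is_rfc1918` checks whether an IPv4 address falls in the RFC1918 ranges the log says are discarded. The function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): triage dnsmasq rebind rejections.

# Constructed sample log, modelled on the lines posted above.
sample_log() {
cat <<'EOF'
Tue Nov 24 10:30:57 2020 daemon.info dnsmasq[5123]: using nameserver 192.168.43.131#53
Tue Nov 24 10:31:43 2020 daemon.warn dnsmasq[5123]: possible DNS-rebind attack detected: www.paypal.com
Tue Nov 24 10:31:43 2020 daemon.warn dnsmasq[5123]: possible DNS-rebind attack detected: www.paypalobjects.com
Tue Nov 24 10:31:50 2020 daemon.warn dnsmasq[5123]: possible DNS-rebind attack detected: www.paypal.com
EOF
}

# stdin: syslog text (e.g. from `logread`). stdout, in first-seen order:
#   upstream <ip>            resolver dnsmasq forwarded to
#   rejected <n> <domain>    answers dropped by rebind protection
rebind_summary() {
  awk '
    /dnsmasq\[[0-9]+\]: using nameserver / {
      for (i = 1; i < NF; i++) if ($i == "nameserver") { split($(i + 1), a, "#"); ip = a[1] }
      if (!(ip in up)) { up[ip] = 1; ups[++nu] = ip }
    }
    /dnsmasq\[[0-9]+\]: possible DNS-rebind attack detected: / {
      if (!($NF in hits)) doms[++nd] = $NF
      hits[$NF]++
    }
    END {
      for (i = 1; i <= nu; i++) print "upstream", ups[i]
      for (i = 1; i <= nd; i++) print "rejected", hits[doms[i]], doms[i]
    }'
}

# Exit 0 if an IPv4 answer is in the RFC1918 space the log says is discarded.
# Assumption: only the three RFC1918 blocks are modelled; IPv6 is not handled.
is_rfc1918() {
  echo "$1" | awk -F. '
    NF != 4 { exit 1 }
    { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }
    $1 == 10 || ($1 == 172 && $2 >= 16 && $2 <= 31) || ($1 == 192 && $2 == 168) { exit 0 }
    { exit 1 }'
}

# Stand-alone run on the constructed sample.
sample_log | rebind_summary
```

With the functions loaded in a shell on the router, `logread | rebind_summary` gives the same report for the live log.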

What is your upstream router?

When I use adguard or nextdns I have a lot of dns rebind attack messages.

Internet connection is through wifi hotspot from Nokia 3 phone. I have now tested using another phone and the problem does not occur. It seems to be a combination of router and phone and only seems to affect paypal. Anyhow I think the router is just doing its job and I can work around it. Thanks for your help.
