DNSBinding question [SOLVED]
-
Firstly thanks to Monocle Cam team for getting the gateway working so well.
After a bit of tinkering and trial and error I discovered that the final issue I was having was my router was set to disable DNSBinding.
I have been able to disable this function on my router, but I appreciate that this is now disabled system wide, which probably isn’t ideal as I assume it could cause a security issue.
The walkthrough mentions it is possible to make an exception for my my proxy.io entry and I was wondering if anyone is able to give me some pointers on how I might do that in DDWRT.
I appreciate there are lots of routers and OS’s out there but I am hoping that with DDWRT being such a wide reaching OS, there might be a simple way to do so.
Thanks in advance
-
@Jouster-74 said in DNSBinding question:
DDWRT
Sorry, I don’t know specifically how to configure this for DDWRT, only PFSense.
However, I found this forum post elsewhere: (https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1064711)
Don’t disable “No DNS Rebind”. That’s taking a sledgehammer to a problem that can be corrected w/ a scalpel. This feature is designed to protect you against known DNS vulnerabilities. Instead, be selective by using the rebind-domain-ok directive in Additional DNSMasq Options.
Code:
rebind-domain-ok=private.morestina.net
If you have more than one domain, use the same directive and separate them w/ forward slashes.
Code:
rebind-domain-ok=/private.morestina.net/someother.domain.com/

So it looks like you could use the optional config in Additional DNSMasq Options of
rebind-domain-ok=/mproxy.io/
or
rebind-domain-ok=/xxxxxxxx.mproxy.io/
(where “xxxxxxxx” is your custom FQDN you can find in the startup log of your monocle gateway.)
This is very similar to PFSense; I believe it also uses DNSMasq under the hood. This is exactly what I do on my PFSense router to limit the DNS Rebinding to only allow specific domains through.
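Added example, not part of the posts above and not code from DD-WRT, dnsmasq or Monocle: a simplified Python model of rebind filtering that compares the two suggested exceptions, the whole mproxy.io domain versus a single gateway hostname. The label "a1b2c3d4", the sample names and addresses are constructed, and the private-range list and suffix matching are assumptions that approximate the real behaviour (IPv4 only).

```python
import ipaddress

# Ranges treated as "private" in this simplified model (RFC 1918, loopback, link-local).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                 "127.0.0.0/8", "169.254.0.0/16")]


def parse_rebind_ok(options_text):
    """Collect exempt domains from rebind-domain-ok lines in dnsmasq option text."""
    domains = set()
    for line in options_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line.startswith("rebind-domain-ok="):
            continue
        value = line.split("=", 1)[1]
        # Both forms quoted in the thread: a bare domain, or /dom1/dom2/
        for dom in value.split("/"):
            if dom:
                domains.add(dom.lower().rstrip("."))
    return domains


def is_exempt(qname, exempt):
    """True if qname equals an exempt domain or is a subdomain of one."""
    qname = qname.lower().rstrip(".")
    return any(qname == d or qname.endswith("." + d) for d in exempt)


def answer_allowed(qname, answer_ip, exempt):
    """Model of rebind protection: drop private answers unless the name is exempt."""
    ip = ipaddress.ip_address(answer_ip)
    if not any(ip in net for net in PRIVATE_NETS):
        return True  # public address, nothing to filter
    return is_exempt(qname, exempt)


# Constructed sample: "a1b2c3d4" stands in for the gateway's xxxxxxxx label.
BROAD = parse_rebind_ok("rebind-domain-ok=/mproxy.io/")
NARROW = parse_rebind_ok("rebind-domain-ok=/a1b2c3d4.mproxy.io/")

if __name__ == "__main__":
    # Columns: name, allowed with broad exception, allowed with narrow exception
    for name in ("a1b2c3d4.mproxy.io", "other.mproxy.io", "rebind.example.net"):
        print(name, answer_allowed(name, "192.168.1.50", BROAD),
              answer_allowed(name, "192.168.1.50", NARROW))
```

With the narrow exception, only the gateway's own hostname may resolve to a LAN address; the broad one also lets any other name under mproxy.io do so.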
-
I’ll give this a try tomorrow and report back.
Many thanks for reaching out and suggesting a workaround. It’s exactly what I needed, so thanks.
Also thanks for resolving the SSL issue.
Is there a Twitter account or email we can make aware of issues such as this?
-
This appears to have worked…at least I can ping my camera and I get back the name and IP address of the rPI running the gateway…and I’ve re-enabled the NO DNS REBIND option in the DDWRT settings.
Thanks a lot for your assistance in this
-
Glad to hear it’s working now! Thanks, Robert