DNSBinding question [SOLVED]
Firstly thanks to Monocle Cam team for getting the gateway working so well.
After a bit of tinkering and trial and error I discovered that the final issue I was having was my router was set to disable DNSBinding.
I have been able to disable this function on my router but I appreciate the this is now disabled system wide which probably isn’t ideal as I assume it could cause a security issue.
The walkthrough mentions it is possible to make an exception for my my proxy.io entry and i was wondering if anyone is able to give me some pointers in how I might do that in DDWRT.
I appreciate there are lots of routers and OS’s out there but I am hoping that with DDWRT being such a wide reaching OS, there might be a simple way to do so.
Thanks in advance
Sorry, I don’t know specifically how to configure this for DDWRT, only PFSense.
However, I found this forum post elsewhere: (https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1064711)
Don’t disable “No DNS Rebind”. That’s taking a sledgehammer to a problem that can be corrected w/ a scalpel. This feature is designed to protect you against known DNS vulnerabilities. Instead, be selective by using the rebind-domain-ok directive in Additional DNSMasq Options.
If you have more than one domain, use the same directive and separate them w/ forward slashes.
So it looks like you could use the optional config in
Additional DNSMasq Optionsof
rebind-domain-ok=/xxxxxxxx.mproxy.io/. (where “xxxxxxxx” is your custom FQDN you can find in the startup log of your monocle gateway.)
This is very similar to PFSense I believe it also uses DNSMasq under the hood. This is exactly what I do on my PFSense router to limit the DNS Rebinding to only allow specific domains through.
i’ll give this a try tomorrow and report back.
many thanks for reaching out and suggesting a workaround. it’s exactly what i needed so thanks
also thanks for resolving the SSL issue.
is there a twitter account or email we can make aware of issues such as this
You can PM me on this forum and that will send an email directly to me.
this appears to have worked…at least I can ping my camera and I get back the name and IP address of the rPI running the gateway…and I’ve re-enabled the NO DNS REBIND option in the DDWRT settings.
Thanks a lot for your assistance in this
Glad to hear its working now! Thanks, Robert