• Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    DNSBinding question [SOLVED]

    Support
    2
    6
    487
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      Jouster-74 last edited by Monocle

      Firstly thanks to Monocle Cam team for getting the gateway working so well.

      After a bit of tinkering and trial and error I discovered that the final issue I was having was my router was set to disable DNSBinding.

      I have been able to disable this function on my router but I appreciate the this is now disabled system wide which probably isn’t ideal as I assume it could cause a security issue.

      The walkthrough mentions it is possible to make an exception for my my proxy.io entry and i was wondering if anyone is able to give me some pointers in how I might do that in DDWRT.

      I appreciate there are lots of routers and OS’s out there but I am hoping that with DDWRT being such a wide reaching OS, there might be a simple way to do so.

      Thanks in advance

      Monocle 1 Reply Last reply Reply Quote 0
      • Monocle
        Monocle @Jouster-74 last edited by

        @Jouster-74 said in DNSBinding question:

        DDWRT

        Sorry, I don’t know specifically how to configure this for DDWRT, only PFSense.

        However, I found this forum post elsewhere: (https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1064711)

        Don’t disable “No DNS Rebind”. That’s taking a sledgehammer to a problem that can be corrected w/ a scalpel. This feature is designed to protect you against known DNS vulnerabilities. Instead, be selective by using the rebind-domain-ok directive in Additional DNSMasq Options.

        Code:
        rebind-domain-ok=private.morestina.net

        If you have more than one domain, use the same directive and separate them w/ forward slashes.

        Code:
        rebind-domain-ok=/private.morestina.net/someother.domain.com/

        So it looks like you could use the optional config in Additional DNSMasq Options of
        rebind-domain-ok=/mproxy.io/
        or
        rebind-domain-ok=/xxxxxxxx.mproxy.io/ . (where “xxxxxxxx” is your custom FQDN you can find in the startup log of your monocle gateway.)

        This is very similar to PFSense I believe it also uses DNSMasq under the hood. This is exactly what I do on my PFSense router to limit the DNS Rebinding to only allow specific domains through.

        Monocle: https://monoclecam.com
        Getting Started | Troubleshooting Guide | FAQ | Contact Support

        1 Reply Last reply Reply Quote 0
        • J
          Jouster-74 last edited by

          i’ll give this a try tomorrow and report back.

          many thanks for reaching out and suggesting a workaround. it’s exactly what i needed so thanks

          also thanks for resolving the SSL issue.

          is there a twitter account or email we can make aware of issues such as this

          Monocle 1 Reply Last reply Reply Quote 0
          • Monocle
            Monocle @Jouster-74 last edited by

            @Jouster-74

            You can PM me on this forum and that will send an email directly to me.

            Thanks, Robert

            Monocle: https://monoclecam.com
            Getting Started | Troubleshooting Guide | FAQ | Contact Support

            1 Reply Last reply Reply Quote 0
            • J
              Jouster-74 last edited by

              this appears to have worked…at least I can ping my camera and I get back the name and IP address of the rPI running the gateway…and I’ve re-enabled the NO DNS REBIND option in the DDWRT settings.

              Thanks a lot for your assistance in this

              I

              Monocle 1 Reply Last reply Reply Quote 0
              • Monocle
                Monocle @Jouster-74 last edited by

                @Jouster-74

                Glad to hear its working now! Thanks, Robert

                Monocle: https://monoclecam.com
                Getting Started | Troubleshooting Guide | FAQ | Contact Support

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Privacy Policy  |  Terms & Conditions

                © 2018 shadeBlue, LLC.