DNS Rebinding
-
DNS Rebinding
{{ PANEL(info, ATTENTION): The instructions and documentation for Monocle Gateway are now located here: https://monoclecam.com/monocle-gateway/troubleshooting/dns-rebinding }}
{{ ALERT(danger): The page is no longer maintained and considered DEPRECATED. Please see the link above for the latest documentation. }}
The Monocle Gateway dynamically assigns a DNS record to the private/internal IP address of the computer running the Monocle Gateway service. This DNS is used by Alexa to direct the cameras to a resolvable endpoint that is the Monocle Gateway service.
Some network routers/gateways may block resolving this DNS record because it points to a private IP address. This is called “DNS Rebinding” and it could be used in a malicious attack to fool users when they are attempting to access a legitimate service but are instead hijacked to a nefarious attacker.
If you router does block or prevent DNS rebinding, then you will need to create an exception to permit the DNS hostname [
*.mproxy.io
] though so that it may resolve to your computer’s private IP address internally on your network. This is safe because the domain [*.mproxy.io
] is dedicated for the Monocle Gateway service only used for private IP address resolution.You can see the assigned DNS record in the Monocle Gateway output after it starts up. (See the last 6 lines and look for the
FQDN
field.)****************************************************************** * __ __ ___ _ _ ___ ___ _ ___ * * | \/ |/ _ \| \| |/ _ \ / __| | | __| * * | |\/| | (_) | .` | (_) | (__| |__| _| * * |_| |_|\___/|_|\_|\___/ \___|____|___| * * * ****************************************************************** ------------------------------------------------- MONOCLE RUNTIME ENVIRONMENT ------------------------------------------------- VERSION = 0.0.1 OS/ARCH = win32\x64 PROCESS = monocle-gateway (PID=4952) TIMESTAMP = 2018-06-08T03:57:47.003Z ------------------------------------------------- MONOCLE GATEWAY SERVICE (Version: 0.0.1) ------------------------------------------------- [Monocle Starting] [Monocle Connecting] [Monocle Started] [RTSP Server Starting] [RTSP Server Listening] 0.0.0.0:8555 (RTSP) [RTSP Server Listening] 0.0.0.0:443 (RTSP-TLS) [RTSP Proxy Started] (PID=3128) [RTSP Server Listening] 0.0.0.0:8554 (PROXY) [RTSP Server Started] [Monocle Connected] [RTSP Server Registered] ------------------------------------------------- MONOCLE RTSP SERVICE - INITIALIZED ------------------------------------------------- FQDN = c5b4w3q2-bv4f-4sdf9-dsf-28a852ecae54.mproxy.io HOST = 192.168.1.22 PORT = 443 -------------------------------------------------
Testing the DNS Record
You can test on your local network by using the
ping
utility to ping the DNS name and it should resolve to the IP address of your computer running the Monocle Gateway service.C:\> ping c5b4w3q2-bv4f-4sdf9-dsf-28a852ecae54.mproxy.io Pinging a35e3469-f52f-4989-8766-28a852ecae54.mproxy.io [10.1.2.42] with 32 bytes of data: Reply from 192.168.1.22: bytes=32 time<1ms TTL=128 Reply from 192.168.1.22: bytes=32 time<1ms TTL=128 Reply from 192.168.1.22: bytes=32 time<1ms TTL=128 Reply from 192.168.1.22: bytes=32 time<1ms TTL=128
If you are not able to resolve the address using the DNS name, then you may need to consult your network router/firewall/gateway for restrictions on DNS rebinding and add an exception for
*.mproxy.io
.
Additional Resources
More Information about DNS Rebinding:
https://en.wikipedia.org/wiki/DNS_rebindingPFSense - DNS Rebinding Protections:
https://www.netgate.com/docs/pfsense/dns/dns-rebinding-protections.html