whexy1999
You Cannot Access LAN IPs via the Default DNS Server in OpenWRT

You Cannot Access LAN IPs via the Default DNS Server in OpenWRT

Created
Aug 7, 2023 05:21 PM
Last edited time
Aug 7, 2023 10:39 PM
Tags
If you ever use OpenWRT as your router OS, you will find that it's a default behavior for the DNS server to forbid resolving a domain that points to a private IP address.
OpenWRT calls this feature 'rebind protection.' Rebind protection is intended to protect from rebind attacks.
💡
A rebind attack is a type of DNS (Domain Name System) attack that targets the DNS resolver of a victim's machine. In a rebind attack, the attacker tricks the victim's browser into making DNS requests to a domain the attacker controls. The attacker can then respond with a dynamic IP address that points to a private IP address, effectively bypassing network security measures and gaining access to the victim's internal network. Rebind protection in OpenWRT is designed to protect against this type of attack by blocking DNS resolution for domains that point to private IP addresses.
Well, sounds good. However, if you ever want to access services in your local network, you have to use an IP address instead of domain.
 
If you need to access the LAN IP with domain name, disable rebind protection.