[Dnsmasq-discuss] rebind-domain-ok bug? Not whitelisiing 4 word domain.

[Michael]

So it is only kind of working.  I’m still seeing the following in the logs now then:
Oct 14 20:06:18 dnsmasq[15781]: possible DNS-rebind attack detected: universal-web-internal.production.gannettdigital.com

This is with the following set:
rebind-domain-ok=/mcafee.com/amazonmusiclocal.com/gannettdigital.com/
When I specifically try to go to universal-web-internal.production.gannettdigital.com in a web browser though or do DNS lookup, I’m not seeing anything in the logs which is odd.   

On Monday, October 14, 2019, 7:51 PM, Michael <morac99-dnsmasq at yahoo.com> wrote:


Someone tried it and they used the following and said it worked.  When I tried it, it also worked.  I have no idea why that did, but using /gannettdigital.com/ by itself did not. 




rebind-domain-ok=/mcafee.com/amazonmusiclocal.com/gannettdigital.com/



On Monday, October 14, 2019, 6:05 PM, Michael <morac99-dnsmasq at yahoo.com> wrote:

Hi Simon,

I'm using ASUS Merlin 384.13, which is compiled with dnsmasq 2.80-44-g608aa9f, on my router.   I have rebind protection on and want to whitelist "universal-web-internal.production.gannettdigital.com" as for some reason after upgrading to iOS 13 on my iOS devices that domain is getting hit very often.
I added the following to the dnsmasq.conf file, but the domain is still being logged:rebind-domain-ok=/universal-web-internal.production.gannettdigital.com/I also tried:rebind-domain-ok=/.gannettdigital.com/That white lists "production.gannettdigital.com" (which also has a private ip address), but not "universal-web-internal.production.gannettdigital.com".As such, this appears to be a bug.  I'm not sure if dnsmasq doesn't like the dashes or the fact that there are 4 parts to the domain.
Any idea why this isn't working?
Thanks,Michael






-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20191015/ecb2b5c4/attachment-0001.html>