DNS rebind protection
I'm trying to set up a new Archer A20 on our network, and I have hit a snag: when trying to point the router to our internal DNS, the interface refuses to save the setting. It displays a message: "DNS server IP address and LAN IP address cannot be in the same subnet. Please enter another one."
The best reason I can come up with for this behavior would be built-in protection from DNS rebinding attacks, which is ordinarily quite a useful feature. But we have control over our internal DNS, so we aren't really worried about this particular type of attack. Moreover, we need to point everything on our network to our DNS to keep our domain controller happy, and to avoid a few other annoying slowdowns and conflicts.
There does not appear to be any option in the administration interface to disable this restriction, and my communications with TP-Link support have been...frustrating.
Have I missed some configuration option to allow pointing to a DNS on the local subnet? Is this feature simply missing from the current firmware? Will the firmware be updated soon?
Thanks,
Daniel
Here's my workaround...
Only do this if your router's WAN IP is not public/internet facing.
- Create a Virtual Server NAT Forward for Port 53 to the IP address of your DNS server.
- Set the DNS IP to the Internet/WAN IP address of the router.
If it's dumb and it works...
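A preflight check for the workaround described above, as an added example that is not part of the thread or of TP-Link's firmware: it reproduces the same-subnet rule quoted in the error message and refuses the port-53 forward when the WAN address is globally routable, since the forward would then expose the internal DNS server to the internet. The function name, the result layout and all addresses are constructed for illustration.

```python
import ipaddress


def plan_dns_workaround(lan_cidr, dns_server, wan_ip):
    """Return the settings to enter on the router, or raise ValueError.

    lan_cidr   -- router LAN address with prefix, e.g. "192.168.0.1/24"
    dns_server -- internal DNS server address
    wan_ip     -- address the router holds on its Internet/WAN port
    """
    lan = ipaddress.ip_interface(lan_cidr)
    dns = ipaddress.ip_address(dns_server)
    wan = ipaddress.ip_address(wan_ip)

    # Rule quoted in the error message: the DNS server may not sit in the
    # LAN subnet. If it does not, the address can be entered directly.
    if dns not in lan.network:
        return {"dns_setting": str(dns), "forward": None}

    # Precondition from the reply: the WAN IP must not be internet facing.
    # is_global is False for RFC 1918 and carrier-grade NAT (100.64.0.0/10).
    if wan.is_global:
        raise ValueError(
            f"WAN address {wan} is globally routable; forwarding port 53 "
            f"would make {dns} reachable from the internet"
        )

    return {
        # Step 2 of the reply: point the DNS setting at the WAN address.
        "dns_setting": str(wan),
        # Step 1 of the reply: virtual server forward for port 53.
        # The thread only says "Port 53"; forwarding both UDP and TCP is
        # an assumption, since DNS uses both.
        "forward": {
            "external_port": 53,
            "internal_ip": str(dns),
            "internal_port": 53,
            "protocols": ("udp", "tcp"),
        },
    }


if __name__ == "__main__":
    # Constructed sample: router behind another NAT device (private WAN).
    print(plan_dns_workaround("192.168.0.1/24", "192.168.0.10", "10.0.0.5"))
```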