Turn off DNS rebind protection? Any way to do this? Can it be added in future firmware updates?
Hi,
A few years back I purchased an Archer AX6000. I was pretty happy with it at the time, and to a degree, still am. I recently moved and got a little more space, which allowed me to set my internal server back up. I went to turn my internal DNS server back on, did so, ran some tests with devices pointed directly at the IP for DNS and all worked well. So I went into my AX6000 web admin GUI to change my DNS server from Cloudflare to the internal server and got the dreaded "DNS server IP address and LAN IP address can not be on the same subnet. Please add another one".
Okay, frustrating. But then I went looking for the "turn off DNS rebind protection" option. I figured for the price I paid for this thing (pre-supply chain issues and chip shortages) that would surely be an option, and was dismayed to find out it wasn't.
I went into my DHCP settings and added the internal DNS server IP there in the "Primary DNS" field. I flushed my local DNS cache and then SSH'd into my Linux machine that is running the DNS server and monitored logs while I visited some websites to see what would happen, and I don't see any of those DNS queries hitting the machine.
A few notes on the setup:
- The router is still acting as my DHCP server
- The machine running the DNS server is on an IP outside of the allotted DHCP IP range, so DHCP would not be assigning the server an IP and causing any craziness
- The machine is properly firewalled off, and cannot be accessed from outside of my local network, but can access external IPs
- The machine is set to use Cloudflare DNS as upstream when it can't find something locally
So my questions:
1. Is there really no way to turn off DNS rebind protection? As I mentioned, for the price I paid for this, I am a bit surprised it isn't an option.
2. If not available in the GUI, is there any kind of command line program I can get to talk to the router where I may be able to set the option to off that way?
3. Is the only way to use your own DNS server with this router to go to EVERY device using it and manually point its DNS server to the local DNS server and not the router? I really don't want to do that.
4. While I doubt this, would turning the DHCP server on my router off and installing DHCP on my server and having that handle all DHCP requests as well as DNS resolve this in any way? I suspect not, but thought it was worth asking.
And finally...
5. If this isn't an option, can this please, please, please be added in the next firmware update (if any more are planned for the AX6000)? I think prior, my number one ask would have been to add the ability to create at least one subnet, but now this takes the number one spot.
Thanks