G3100 - DNS-rebind issue

I just Decided to check my G3100 routers system log because I haven’t checked it in a long time and am now noticing I keep getting the following errors in the router:

[SYS.4][SYS] possible DNS-rebind attack detected for the domains

ucs02.engageya.com

gwallcheck.api-alliance.com

fbwallcheck.api-alliance.com

but I don’t know what to do please help me because I know the domains that are being blocked are ones I never even went to help!!!!

Accepted answers

smith6612

DNS Rebind means the DNS Records resolve to IP addresses which would belong to an internal network, like a corporate or home network. It's not necessarily an attack. Some sites use DNS Rebinding to communicate with an application on your PC or network, without having to install a browser extension or other helper application. But yes it can also be used in attacks.

As for what caused those to occur, I believe those domains are more or less tracking related. Would have to find the problem service on the problem device. Did the router log a device IP?

All comments

smith6612

As for what caused those to occur, I believe those domains are more or less tracking related. Would have to find the problem service on the problem device. Did the router log a device IP?

Paull62

@Smith6612

No how can I tell if it returned a device ip and I have no laptops no computers at home just a iPhone 13

Cang_Household

From what I am reading about the DNS rebind, some public DNS servers are responding a local IP address instead of a public routable IP address. Given you have an iPhone and a router, you have two local IP addresses already, so the DNS rebind could target either your iPhone, your router, or both.

You can monitor your WAN connection with a switch that supports port mirroring. You can capture the packet with WIreshark and read the DNS responses over time. I am not sure whether DNS over HTTPS is widely used though, I will defer to Smith6612 for this question.

Paull62

Cang_Household

do you recommend any switches that supports port mirroring?

and how do I monitor my WAN connection and how do I l capture the packet with WIreshark and read the DNS responses over time????

[Deleted User]

I would like to thank everyone for taking the time to post your comments and opinions related to this topic. This topic has been thoroughly discussed and will now be closed. Please feel free to open a new thread for further discussion. Thank you.

SteveCoy

Don't close this issue without pointing out the DNS rebind options in the G3100 that allow you turn off DNS rebind protection in various contexts, or to turn off DNS rebind protection entirely!

It is quite absurd to let nonsense be the final answer.

I solved this problem easily with a DNS rebind exception in G3100 / Advanced / Network Settings / DNS Server