G3100 - VPN DNS-rebind issue
a_rodge
Enthusiast - Level 2

I just upgraded to the G3100 router (from a custom setup using Nighthawk router & AP) and am now getting the following errors in the router logs when trying to connect to my company VPN:

 [SYS.4][SYS] possible DNS-rebind attack detected

I do not see where this is actually being blocked; however, the site is unreachable.

Is there a specific way to bypass?

1 Solution
a_rodge
Enthusiast - Level 2

I was able to resolve this by changing the DNS server on the local machine (Google Public DNS).

I would still like to change the DNS at the router level, but that is not an urgent issue.

5 Replies
AngryEngineer
Newbie

Without getting into the technical details of public and private/corporate name resolution functions, the real root cause is due to Verizon’s DNS Assistance service configured by default on their residential modems/gateways.

To resolve the problem effectively [while still considering other related factors such as additional cost, configuration complexity, corporate supportability, and user flexibility], the best prioritized options are to:

(1) modify the DNS servers on the VZ modem/gateway to use free DNS services (e.g., Google DNS, OpenDNS),

(2) install a home WiFi router in front of the VZ modem/gateway AND configure that new home WiFi router to use free DNS services,

(3) change the DNS server entries on your computer(s) and mobile devices to use free DNS services,

or lastly (4) consider alternative Internet Service Providers.

mickster8
Enthusiast - Level 2

Log into the router, go to the advanced tab-->Network settings-->DNS Server, and uncheck DNS Rebind protection. If you are behind a firewall, this setting is not needed. Google DNS rebind attack, and you will understand why I am saying this. That setting WILL make it so your VPN cannot connect. If you are not behind a firewall, bad bad admin, you need to get one, as your whole network is unprotected.
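
Added example (not part of the original posts and not the router's firmware): a Python illustration of the check a DNS-rebind filter performs, showing how an answer in private address space is dropped and how a per-domain exemption differs from switching the protection off for every name. It assumes the filter flags private, loopback and link-local answers and that the VPN name resolves to a private address; the host names, addresses and the allowlist mechanism are constructed for illustration.

```python
import ipaddress

def is_rebind_suspect(addr: str) -> bool:
    """True if an upstream DNS answer points into local address space."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:192.168.1.1) so it cannot bypass the check.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    return (ip.is_private or ip.is_loopback
            or ip.is_link_local or ip.is_unspecified)

def domain_allowed(name: str, allowlist) -> bool:
    """Exact or subdomain match on a label boundary (hypothetical allowlist)."""
    name = name.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in allowlist)

def filter_answers(name: str, answers, allowlist=()):
    """Return (kept, dropped) answers for one DNS response."""
    if domain_allowed(name, allowlist):
        return list(answers), []
    kept, dropped = [], []
    for a in answers:
        (dropped if is_rebind_suspect(a) else kept).append(a)
    return kept, dropped

if __name__ == "__main__":
    # Constructed responses: (queried name, addresses returned upstream).
    responses = [
        ("vpn.corp.example", ["10.20.30.40"]),
        ("public.example", ["8.8.8.8", "::ffff:192.168.1.1"]),
    ]
    for allow in ((), ("corp.example",)):
        print("allowlist:", allow)
        for name, addrs in responses:
            kept, dropped = filter_answers(name, addrs, allow)
            print(f"  {name}: kept={kept} dropped={dropped}")
```

With the exemption limited to one domain, the mapped private address returned for the other name is still dropped.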

mickster8
Enthusiast - Level 2

BTW I am far from a newb; I have 28 years of experience as a Networking and Cybersecurity Engineer.
