Can corroborate, DNSmasq as found in many firmwares has a 'stop-dns-rebind' option. It is on by default AFAIK.

Disable security features at your own risk etc etc

-Stuart

On 18/01/23 11:30, Simon Lyall wrote:

Thank you to Scott (and others who replied offlist).

This problem is occuring with people running VPNs on work laptops at home. I am wondering if perhaps the immediate cause of the problem for us is we are not correctly pushing out DNS settings so the local one is being used.


On Mon, 16 Jan 2023, Scott Howard wrote:
The term you're looking for to plug into Google is "DNS rebind protection",
and it's common across a lot of consumer routers.
This thread is a few years old, but seems to imply it can't be disabled on
these
modems.����https://www.geekzone.co.nz/forums.asp?forumid=39&topicid=265543

�� Scott


On Mon, Jan 16, 2023 at 2:44 PM Simon Lyall <simon@darkmere.gen.nz> wrote:

���������� We are getting reports from a couple of people that some Skinny
���������� Modems are
���������� getting confused with some DNS records. It appears that if the
���������� IP returned
���������� from the lookup is a RFC 1918 one they won't return the result
���������� to the
���������� client.

���������� One modem in question has:

���������� Skinny Smart Modem VRV9517UWAC34-A-SP

���������� on it and I think VRV9517 is the model name.

���������� This appears to be a fairly recent problem, showing up since
���������� people came
���������� back from break. Not ruling out some other cause but direct
���������� testing of
���������� queries is doing the above. Possibly a recent software upgrade
���������� or
���������� "security" setting.

���������� Direct queries against the DNS servers themselves seem okay, it
���������� only
���������� breaks when you use the modem as the DNS server.

���������� Not confirmed for all of RFC1918 space, but definitly
���������� 192.168.1.x

���������� Anyone seen similar or know of a fix? (for now we are getting
���������� people to
���������� use 1.1.1.1 or similar for DNS).

���������� --
���������� Simon Lyall�� |�� Very Busy�� |�� Web: http://www.simonlyall.com/
���������� "To stay awake all night adds a day to your life" - Stilgar

���������� _______________________________________________
���������� NZNOG mailing list -- nznog@list.waikato.ac.nz
���������� To unsubscribe send an email to nznog-leave@list.waikato.ac.nz





_______________________________________________
NZNOG mailing list -- nznog@list.waikato.ac.nz
To unsubscribe send an email to nznog-leave@list.waikato.ac.nz