On Wed, 30 Sep 2020 08:49:11 +0100 Mark Rogers mark@more-solutions.co.uk allegedly wrote:
Re-reading the dnsmasq docs, I think this is the key:
--stop-dns-rebind Reject (and log) addresses from upstream nameservers which are in the private ranges. This blocks an attack where a browser behind a firewall is used to probe machines on the local network. For IPv6, the private range covers the IPv4-mapped addresses in private space plus all link-local (LL) and site-local (ULA) addresses.
Turning off rebind protection within OpenWRT seems to have fixed my issue.
I don't think turning off dns-rebind is a good idea. It leaves you open to same origin attacks from hostile websites. (See https://en.wikipedia.org/wiki/DNS_rebinding ).
Mick
--------------------------------------------------------------------- Mick Morgan gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312 https://baldric.net/about-trivia ---------------------------------------------------------------------