Bug report - DNS proxy with private IPs

Chris_Bay · December 5, 2017, 3:02am

when the cpe is in NAT mode, and you've got a public or private address ranged DNS server delived to the radio via DHCP, the radio will not resolve hosts with private IPs.

example, our dns X.X.X.12 (public IP) will answer billpay.FQDN as a private 10. address, the CPE will not proxy with that information. if that same DNS server is manually entered into the device, the site will respond normally. this happens with any private address resolved by the epmp CPE with the DNS proxy.

Dmitry_Moiseev · December 5, 2017, 4:50pm

Hi Chris,

DNS proxy we use has built-in DNS rebind protection(https://en.wikipedia.org/wiki/DNS_rebinding) which is turned on by default. There is no way to disable it at this point.

The only recommendation is to use DNS records with addresses outside of non-globally-routed IP space.

Thanks,

Dmitry

Chris_Bay · December 5, 2017, 6:02pm

Thanks, Dmitry!