DNS Rebind

All posts tagged DNS Rebind

Fixing DNS Rebind on DD-WRT

Posted by Ripdubski on 2013.03.04
Posted in: DD-WRT. Tagged: , , , . 4 Comments

NOTE: I no longer use DD-WRT and am unable to answer any questions about it.

DNS rebinding is a form of computer attack.  The DNS service (dnsmasq) built into DD-WRT has protections against this which are turned ON by default.  You might need to disable it if you use Netflix on any iOS devices due to the way Netflix is implemented (if you can’t stream from an iOS device you probably need this turned off).

Since the current build (v24-sp2-14896) of DD-WRT for the ASUS RT-N16 router does not have the option to toggle DNS rebind protection on and off, and it can’t be set as a parameter, a post boot fix is required.  This is a show to setup a small script that will make the required changes.  It is executed after the router boots.  You must have previously enabled JFFS for this to work.

  • Login to the router as the administrator via ssh (command line not web interface).
  • Change directory to the bin directory under /jffs (create it if its not there):
cd /jffs/bin
  • Use vi to create the script (vi boot_set.sh), or you can create it elsewhere and scp for ftp it up to the router.  Just make sure its in the /jffs directory tree.  Contents should be:
#!/bin/sh
# Fix DNS Rebind

# Make a copy of the booted configuration
cp /tmp/dnsmasq.conf /tmp/dnsmasq.orig

# Copy the contents of the booted configuration to a new file
# but excluding the stop-dns-rebind line
cat /tmp/dnsmasq.conf | sed -e '/stop-dns-rebind/d' > /tmp/dnsmasq.norebind

# Kill off the dnsmasq service
killall -9 dnsmasq

# Wait 1 second
sleep 1

# Move the new configuration file over the booted one
mv /tmp/dnsmasq.norebind /tmp/dnsmasq.conf

# Restart the dns service (dnsmasq) and tell it where 
# the configuration file is
dnsmasq --conf-file=/tmp/dnsmasq.conf
  • Mark the file as executable
chmod 755 boot_set.sh
  • Logout of the command line with ‘exit’.
  • Now login to the web interface of the router.
  • Select ‘Administration > Commands’ from the menu tabs.
  • In the commands field of the “Command Shell” section (at the top) enter (assuming you put it in /jffs/bin):
/jffs/bin/boot_set.sh
  • Click the “Save Startup” button.
  • Select ‘Administration > Management’ from the menu tabs.
  • Scroll to the bottom of the page.
  • Click the “Reboot Router” button.

After the reboot, DNS rebinding should be disabled!