Community discussions

MikroTik App
 
ptr727
newbie
Topic Author
Posts: 36
Joined: Wed May 09, 2012 8:35 am
Contact:

DNS Rebinding and Plex

Sat Dec 03, 2016 5:40 pm

Hi, I am having problems accessing my Plex server from my local network.
The problem seems to be related to "DNS Rebinding Protection"

I've searched this forum, and people report that it just works, but there are several references to other DNS servers or routers where DNS rebinding configuration is required.
See:
https://support.plex.tv/hc/en-us/articl ... onnections
https://forums.plex.tv/discussion/20117 ... ter#latest

Example error:
Image

Example nslookup, Google DNS works, Mikrotik DNS fails:
> server 8.8.8.8
Default Server:  google-public-dns-a.google.com
Address:  8.8.8.8

> 192-168-1-47.d3628f4938a748af9a3e90f5ef365efa.plex.direct
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
Name:    192-168-1-47.d3628f4938a748af9a3e90f5ef365efa.plex.direct
Address:  192.168.1.47

> server 192.168.1.1
Default Server:  [192.168.1.1]
Address:  192.168.1.1

> 192-168-1-47.d3628f4938a748af9a3e90f5ef365efa.plex.direct
Server:  [192.168.1.1]
Address:  192.168.1.1

*** No internal type for both IPv4 and IPv6 Addresses (A+AAAA) records available for 192-168-1-47.d3628f4938a748af9a3e90f5ef365efa.plex.direct
>
Ho do I allow DNS rebinding on the Mikrotik DNS server?
 
msatter
Forum Guru
Forum Guru
Posts: 1632
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: DNS Rebinding and Plex

Sat Dec 03, 2016 5:49 pm

Try to put the address: 192-168-1-47.d3628f4938a748af9a3e90f5ef365efa.plex.direct in the static DNS list of the Mikrotik with IP 192.168.1.47
One RB4011 (cooled) and a RB760iGS (hEX S) in series. 4011 Does PPPoE/IKEv2.
Running:
RouterOS 6.47 / Winbox 3.24 / MikroTik APP 1.3.12
NordVPN viewtopic.php?f=2&t=158439&p=781009 for multiple connections.
 
ptr727
newbie
Topic Author
Posts: 36
Joined: Wed May 09, 2012 8:35 am
Contact:

Re: DNS Rebinding and Plex

Sat Dec 03, 2016 5:54 pm

The address is dynamic, the GUID looking part of the name is a dynamically generated security token, so adding a static entry will not work, or will work for a short time, until the token is regenerated.

In dnsmasq the equivalent option is "rebind-domain-ok=/plex.direct/"
In pfSense the equivalent option is "private-domain: "plex.direct""

I'm looking for an equivalent configuration option?
 
2frogs
Long time Member
Long time Member
Posts: 587
Joined: Fri Dec 03, 2010 1:38 am

Re: DNS Rebinding and Plex

Sat Dec 03, 2016 9:05 pm

Do you have port 32400 forwarded to your Plex server? Or have upnp setup?
 
ptr727
newbie
Topic Author
Posts: 36
Joined: Wed May 09, 2012 8:35 am
Contact:

Re: DNS Rebinding and Plex

Sat Dec 03, 2016 9:25 pm

Do you have port 32400 forwarded to your Plex server? Or have upnp setup?
This is for local LAN access, not external access.
 
Sob
Forum Guru
Forum Guru
Posts: 5483
Joined: Mon Apr 20, 2009 9:11 pm

Re: DNS Rebinding and Plex

Sat Dec 03, 2016 9:53 pm

I don't think it's the router, I've never encountered any kind of such filtering in RouterOS. It's most likely filtered by parent resolvers, i.e. those set in IP->DNS.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply. Not intended as incentive for masochists.
 
msatter
Forum Guru
Forum Guru
Posts: 1632
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: DNS Rebinding and Plex

Sat Dec 03, 2016 9:55 pm

OK my answer stays the same but then you have to use the regexp field

*\\.plex\\.direct

I can't test it for you because I don't use this, but DNSmasq.
Last edited by msatter on Sat Dec 03, 2016 10:00 pm, edited 1 time in total.
One RB4011 (cooled) and a RB760iGS (hEX S) in series. 4011 Does PPPoE/IKEv2.
Running:
RouterOS 6.47 / Winbox 3.24 / MikroTik APP 1.3.12
NordVPN viewtopic.php?f=2&t=158439&p=781009 for multiple connections.
 
ptr727
newbie
Topic Author
Posts: 36
Joined: Wed May 09, 2012 8:35 am
Contact:

Re: DNS Rebinding and Plex

Sat Dec 03, 2016 9:57 pm

I don't think it's the router, I've never encountered any kind of such filtering in RouterOS. It's most likely filtered by parent resolvers, i.e. those set in IP->DNS.
That's it, thank you.
I tested local vs. Google, but I am using OpenDNS as DNS.
> server 208.67.222.222
Default Server:  resolver1.opendns.com
Address:  208.67.222.222

> 192-168-1-47.d3628f4938a748af9a3e90f5ef365efa.plex.direct
Server:  resolver1.opendns.com
Address:  208.67.222.222

*** No internal type for both IPv4 and IPv6 Addresses (A+AAAA) records available for 192-168-1-47.d3628f4938a748af9a3e90f5ef365efa.plex.direct
> server 8.8.8.8
Default Server:  google-public-dns-a.google.com
Address:  8.8.8.8

> 192-168-1-47.d3628f4938a748af9a3e90f5ef365efa.plex.direct
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
Name:    192-168-1-47.d3628f4938a748af9a3e90f5ef365efa.plex.direct
Address:  192.168.1.47

>
 
Sob
Forum Guru
Forum Guru
Posts: 5483
Joined: Mon Apr 20, 2009 9:11 pm

Re: DNS Rebinding and Plex

Sat Dec 03, 2016 10:17 pm

If you want to keep OpenDNS, you can do this:
/ip firewall layer7-protocol
add name=plex.direct regexp="\\x04plex\\x06direct.\\x01\$"
/ip firewall nat
add action=dst-nat chain=dstnat dst-address-type=local dst-port=53 in-interface=<LAN> \
    layer7-protocol=plex.direct protocol=udp to-addresses=8.8.8.8
It's far from perfect, but as long as your devices will use only udp dns (most do), it will work.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply. Not intended as incentive for masochists.
 
ptr727
newbie
Topic Author
Posts: 36
Joined: Wed May 09, 2012 8:35 am
Contact:

Re: DNS Rebinding and Plex

Sun Dec 04, 2016 4:16 am

I found a setting in OpenDNS that turns of "Suspicious Responses" / "Block internal IP addresses", and that solved the problem.
Unfortunately there is no support in OpenDNS (at least in my home plan) that allows per domain exclusions.

Thank you all for the help.
 
msatter
Forum Guru
Forum Guru
Posts: 1632
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: DNS Rebinding and Plex

Sun Dec 04, 2016 1:39 pm

You could filter that out in your Mikrotik and you have two solutions mentioned above.
One RB4011 (cooled) and a RB760iGS (hEX S) in series. 4011 Does PPPoE/IKEv2.
Running:
RouterOS 6.47 / Winbox 3.24 / MikroTik APP 1.3.12
NordVPN viewtopic.php?f=2&t=158439&p=781009 for multiple connections.
 
jonmansey
Frequent Visitor
Frequent Visitor
Posts: 72
Joined: Sat Sep 18, 2004 3:43 am

Re: DNS Rebinding and Plex

Wed May 20, 2020 10:36 pm

In case it helps anyone else, I found I had to use the following regex to make the static dns entry work. (I had to add the leading .)
.*.plex.direct

Who is online

Users browsing this forum: markos222 and 81 guests