<div dir="ltr">You're hitting the rebind protection filter; see <br><div class="gmail_extra"><a href="http://en.wikipedia.org/wiki/DNS_rebinding">http://en.wikipedia.org/wiki/DNS_rebinding</a></div><div class="gmail_extra"><br></div><div class="gmail_extra">Either disable rebind_protection or change the IP addresses returned by your DNS server in the wan</div><div class="gmail_extra"> <br><div class="gmail_quote">On Thu, Oct 30, 2014 at 9:32 PM, Kao Kevin <span dir="ltr"><<a href="mailto:Kevin.Kao@technicolor.com" target="_blank">Kevin.Kao@technicolor.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div lang="EN-US" link="blue" vlink="purple">
<div>
<p class="MsoNormal">Hi,<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">While running tests in an openwrt based IP gateway, we noticed
<span style="color:rgb(31,73,125)">a dns problem running </span>openwrt <span style="color:rgb(31,73,125)">
in a gateway. <u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:rgb(31,73,125)">When the DNS proxy (dnsmasq) forwards the DNS reply, the Answer section was extracted.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:rgb(31,73,125)"></span><u></u><u></u></p>
<p class="MsoNormal">Please refer to the following tests for the problem description.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal" style="margin-bottom:12pt;line-height:115%"><span style="color:rgb(31,73,125)">192.168.42.135 ------------------------ (192.168.42.1 GATEWAY 10.10.200.2)------………… (1.1.1.1 DNS server)</span><u></u><u></u></p>
<p style="margin-right:0in;margin-bottom:10pt;margin-left:30.75pt;line-height:115%">
<u></u><span>1.<span style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:'Times New Roman'">
</span></span><u></u>The Gateway LAN interface pre-configured as 192.168.42.1. The Gateway LAN section is in <a href="http://192.168.42.0/255.255.255.0" target="_blank">192.168.42.0/255.255.255.0</a> subnet<u></u><u></u></p>
<p style="margin-right:0in;margin-bottom:10pt;margin-left:30.75pt;line-height:115%">
<u></u><span>2.<span style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:'Times New Roman'">
</span></span><u></u>A LAN device is assigned the IP 192.168.42.135 by the DHCP server in the gateway.<u></u><u></u></p>
<p style="margin-right:0in;margin-bottom:10pt;margin-left:30.75pt;line-height:115%">
<u></u><span style="color:rgb(31,73,125)"><span>3.<span style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:'Times New Roman'">
</span></span></span><u></u>Have Gateway wan link set to network in subnet <span style="color:rgb(31,73,125)">
10.10.200</span>.xx/<a href="http://255.255.255.0" target="_blank">255.255.255.0</a><span style="color:rgb(31,73,125)">.<u></u><u></u></span></p>
<p style="margin-right:0in;margin-bottom:10pt;margin-left:30.75pt;line-height:115%">
<u></u><span style="color:rgb(31,73,125)"><span>4.<span style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:'Times New Roman'">
</span></span></span><u></u><span style="color:rgb(31,73,125)">Set up a DNS Server in WAN with IP: 1.1.1.1<u></u><u></u></span></p>
<p style="margin-right:0in;margin-bottom:10pt;margin-left:30.75pt;line-height:115%">
<u></u><span style="color:rgb(31,73,125)"><span>5.<span style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:'Times New Roman'">
</span></span></span><u></u>DHCP server (not in the picture) in<span style="color:rgb(31,73,125)"> the WAN subnet
</span>assigns the Gateway WAN IP as <span style="color:rgb(31,73,125)">10.10.200.2<u></u><u></u></span></p>
<p style="margin-right:0in;margin-bottom:10pt;margin-left:30.75pt;line-height:115%">
<u></u><span style="color:rgb(31,73,125)"><span>6.<span style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:'Times New Roman'">
</span></span></span><u></u><span style="color:rgb(31,73,125)"> The LAN client initiates a DNS query. The query has source IP 192.168.42.135 and destination IP 192.268.42.1 (in lan.cap message 1)<u></u><u></u></span></p>
<p style="margin-right:0in;margin-bottom:10pt;margin-left:30.75pt;line-height:115%">
<u></u><span style="color:rgb(31,73,125)"><span>7.<span style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:'Times New Roman'">
</span></span></span><u></u><span style="color:rgb(31,73,125)">The Gateway forwards the query to dns server. The forwarded query has the source IP 10.10.200.2 and destination 1.1.1.1 (in wan.cap msg 1)<u></u><u></u></span></p>
<p style="margin-right:0in;margin-bottom:10pt;margin-left:30.75pt;line-height:115%">
<u></u><span style="color:rgb(31,73,125)"><span>8.<span style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:'Times New Roman'">
</span></span></span><u></u><span style="color:rgb(31,73,125)">DNS server 1.1.1.1 sends a DNS resolution response with the resolved dns address. The response is sent to the Gateway 10.10.200.2. (in wan.cap msg 2)<u></u><u></u></span></p>
<p style="margin-right:0in;margin-bottom:10pt;margin-left:30.75pt;line-height:115%">
<u></u><span style="color:rgb(31,73,125)"><span>9.<span style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:'Times New Roman'">
</span></span></span><u></u><span style="color:rgb(31,73,125)">The Gateway forwards the response to the client; but the forwarded response does not have the Answer. (in lan.cap msg 2)<u></u><u></u></span></p>
<p style="margin-right:0in;margin-bottom:10pt;margin-left:30.75pt;line-height:115%">
<span style="color:rgb(31,73,125)"><u></u> <u></u></span></p>
<p style="margin-bottom:10pt;line-height:115%">
<span style="color:rgb(31,73,125)"> Please review the attached wireshark.<u></u><u></u></span></p>
<p style="margin-bottom:10pt;line-height:115%">
<span style="color:rgb(31,73,125)"><u></u> <u></u></span></p>
<p style="margin-bottom:10pt;line-height:115%">
<span style="color:rgb(31,73,125)">Questions:<u></u><u></u></span></p>
<p style="margin-bottom:10pt;line-height:115%">
<span style="color:rgb(31,73,125)"> I wonder if this problem is due to:<u></u><u></u></span></p>
<p style="margin-bottom:10pt;line-height:115%">
<u></u><span style="color:rgb(31,73,125)"><span>1.<span style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:'Times New Roman'">
</span></span></span><u></u><span style="color:rgb(31,73,125)">My tested openwrt is an older version; OR<u></u><u></u></span></p>
<p style="margin-bottom:10pt;line-height:115%">
<u></u><span style="color:rgb(31,73,125)"><span>2.<span style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:'Times New Roman'">
</span></span></span><u></u><span style="color:rgb(31,73,125)">A simple config problem<u></u><u></u></span></p>
<p style="margin-bottom:10pt;line-height:115%">
<u></u><span style="color:rgb(31,73,125)"><span>3.<span style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:7pt;line-height:normal;font-family:'Times New Roman'">
</span></span></span><u></u><span style="color:rgb(31,73,125)">The worst case is a S/W problem in dnsmasq that requires code modification<u></u><u></u></span></p>
<p style="margin-bottom:10pt;line-height:115%">
<span style="color:rgb(31,73,125)"><u></u> <u></u></span></p>
<p style="margin-bottom:10pt;line-height:115%">
<span style="color:rgb(31,73,125)">If anyone knows the solution or has ever seen this problem, please give us a reply.<u></u><u></u></span></p>
<p style="margin-bottom:10pt;line-height:115%">
<span style="color:rgb(31,73,125)"><u></u> <u></u></span></p>
<p style="margin-bottom:10pt;line-height:115%">
<span style="color:rgb(31,73,125)">Here is the version/release information of the openwrt I am using:<u></u><u></u></span></p>
<p style="margin-right:0in;margin-bottom:10pt;margin-left:0.5in;text-indent:0.5in;line-height:115%">
<span style="color:rgb(31,73,125)">The </span><span style="color:rgb(31,73,125)">etc/banner file
<u></u><u></u></span></p>
<p style="margin-right:0in;margin-bottom:10pt;margin-left:1in;text-indent:0.5in;line-height:115%">
<span style="color:rgb(31,73,125)">Release : 14.3 <u></u><u></u></span></p>
<p style="margin-right:0in;margin-bottom:10pt;margin-left:1in;text-indent:0.5in;line-height:115%">
<span style="color:rgb(31,73,125)">Version: 14.44<u></u><u></u></span></p>
<p style="margin-bottom:10pt;line-height:115%">
<span style="color:rgb(31,73,125)"><u></u> <u></u></span></p>
<p style="margin-right:0in;margin-bottom:10pt;margin-left:0.5in;text-indent:0.5in;line-height:115%">
<span style="color:rgb(31,73,125)">The /etc/openwrt_version file<u></u><u></u></span></p>
<p style="margin-right:0in;margin-bottom:10pt;margin-left:1in;text-indent:0.5in;line-height:115%">
<span style="color:rgb(31,73,125)"> 12.09.1<u></u><u></u></span></p>
<p style="margin-bottom:10pt;line-height:115%">
<span style="color:rgb(31,73,125)"><u></u> <u></u></span></p>
<p style="margin-right:0in;margin-bottom:10pt;margin-left:0.5in;text-indent:0.5in;line-height:115%">
<span style="color:rgb(31,73,125)">The /etc/openwrt_release file<u></u><u></u></span></p>
<p style="margin-right:0in;margin-bottom:10pt;margin-left:1in;text-indent:0.5in;line-height:115%">
<span style="color:rgb(31,73,125)">DISTRIB_REVISION="r42647"<u></u><u></u></span></p>
<p style="margin-right:0in;margin-bottom:10pt;margin-left:1in;text-indent:0.5in;line-height:115%">
<span style="color:rgb(31,73,125)">DISTRIB_CODENAME="attitude_adjustment"<u></u><u></u></span></p>
<p style="margin-right:0in;margin-bottom:10pt;margin-left:1in;text-indent:0.5in;line-height:115%">
<span style="color:rgb(31,73,125)">DISTRIB_TARGET="brcm63xx-arm-tch/HG1XPROTO"<u></u><u></u></span></p>
<p style="margin-right:0in;margin-bottom:10pt;margin-left:1in;text-indent:0.5in;line-height:115%">
<span style="color:rgb(31,73,125)">DISTRIB_DESCRIPTION="OpenWrt Attitude Adjustment 12.09.1"<u></u><u></u></span></p>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal" style="text-indent:0.5in">And the “uci show” related to the dnsmasq<u></u><u></u></p>
<p class="MsoNormal"> dhcp.@dnsmasq[0]=dnsmasq<u></u><u></u></p>
<p class="MsoNormal" style="margin-left:0.5in;text-indent:0.5in">dhcp.@dnsmasq[0].domainneeded=1<u></u><u></u></p>
<p class="MsoNormal" style="margin-left:0.5in;text-indent:0.5in">dhcp.@dnsmasq[0].filterwin2k=0<u></u><u></u></p>
<p class="MsoNormal" style="margin-left:0.5in;text-indent:0.5in">dhcp.@dnsmasq[0].localise_queries=1<u></u><u></u></p>
<p class="MsoNormal" style="margin-left:0.5in;text-indent:0.5in">dhcp.@dnsmasq[0].rebind_protection=1<u></u><u></u></p>
<p class="MsoNormal" style="margin-left:0.5in;text-indent:0.5in">dhcp.@dnsmasq[0].rebind_localhost=1<u></u><u></u></p>
<p class="MsoNormal" style="margin-left:0.5in;text-indent:0.5in">dhcp.@dnsmasq[0].local=/lan/<u></u><u></u></p>
<p class="MsoNormal"> dhcp.@dnsmasq[0].expandhosts=1<u></u><u></u></p>
<p class="MsoNormal" style="margin-left:0.5in;text-indent:0.5in">dhcp.@dnsmasq[0].nonegcache=0<u></u><u></u></p>
<p class="MsoNormal" style="margin-left:0.5in;text-indent:0.5in">dhcp.@dnsmasq[0].authoritative=1<u></u><u></u></p>
<p class="MsoNormal" style="margin-left:0.5in;text-indent:0.5in">dhcp.@dnsmasq[0].readethers=1<u></u><u></u></p>
<p class="MsoNormal" style="margin-left:0.5in;text-indent:0.5in">dhcp.@dnsmasq[0].leasefile=/tmp/dhcp.leases<u></u><u></u></p>
<p class="MsoNormal" style="margin-left:0.5in;text-indent:0.5in">dhcp.@dnsmasq[0].resolvfile=/tmp/resolv.conf.auto<u></u><u></u></p>
<p class="MsoNormal" style="margin-left:0.5in;text-indent:0.5in">dhcp.@dnsmasq[0].dhcpscript=/lib/dnsmasq/dhcp-event.sh<u></u><u></u></p>
<p class="MsoNormal" style="margin-left:0.5in;text-indent:0.5in">dhcp.@dnsmasq[0].domain=<a href="http://qacafe.com" target="_blank">qacafe.com</a><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:0.5in;text-indent:0.5in">dhcp.@dnsmasq[0].boguspriv=0<u></u><u></u></p>
<p class="MsoNormal" style="margin-left:0.5in;text-indent:0.5in"><span style="color:black">dhcp.@dnsmasq[0].strictorder=1<u></u><u></u></span></p>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
<br></blockquote></div><br></div></div>
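<p>Added example, not part of the original thread and not dnsmasq or OpenWrt code: a simplified IPv4-only model of the rebind filter the reply refers to, showing why an upstream reply that contains a private address reaches the LAN client with an empty Answer section. The private ranges and the log text are modelled on dnsmasq's behaviour; <code>rebind_domain</code> (OpenWrt's per-domain exemption list) does not appear in the posted config, and the host names and answer addresses are constructed samples.</p>

```python
import ipaddress

# IPv4 ranges treated as private by the filter (simplified model, IPv4 only).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def is_rebind_address(addr, rebind_localhost):
    """True if an upstream A record with this address trips the filter."""
    ip = ipaddress.ip_address(addr)
    if ip in LOOPBACK:
        # rebind_localhost=1 lets 127.0.0.0/8 answers through.
        return not rebind_localhost
    return any(ip in net for net in PRIVATE_NETS)


def domain_exempt(qname, rebind_domains):
    """True if qname equals, or is a subdomain of, an exempted domain."""
    name = qname.rstrip(".").lower()
    for dom in rebind_domains:
        dom = dom.strip("/.").lower()
        if name == dom or name.endswith("." + dom):
            return True
    return False


def filter_reply(qname, answers, rebind_protection=True,
                 rebind_localhost=True, rebind_domains=()):
    """Return (answers forwarded to the LAN client, log message or None)."""
    if not rebind_protection or domain_exempt(qname, rebind_domains):
        return list(answers), None
    if any(is_rebind_address(a, rebind_localhost) for a in answers):
        # One private address is enough: the whole Answer section is dropped.
        return [], "possible DNS-rebind attack detected: " + qname
    return list(answers), None


if __name__ == "__main__":
    # Constructed samples: a WAN test server answering with a 10.10.200.x
    # address, and the same query with the domain exempted via rebind_domain.
    print(filter_reply("host.example.test", ["10.10.200.50"]))
    print(filter_reply("host.example.test", ["10.10.200.50"],
                       rebind_domains=["/example.test/"]))
    print(filter_reply("host.example.test", ["203.0.113.10"]))
```

<p>Exempting only the test domain keeps the filter active for every other name, which is the narrower change compared with setting <code>rebind_protection</code> to 0.</p>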