Possible DNS-rebind attack detected

oneiro

New Member
Hello

Not sure where to report it, so I will try here.

I am using your DNS in my router configuration, and in the logs I found a lot of warnings like:

Sun Aug 1 14:48:32 2021 daemon.warn dnsmasq[31252]: possible DNS-rebind attack detected: analyticsnew.overwolf.com

After I asked experts, they found that the addresses return IP 0.0.0.0; example below:

$ dig @94.140.14.14 ichnaea.netflix.com

; <<>> DiG 9.16.8-Ubuntu <<>> @94.140.14.14 ichnaea.netflix.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2934
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 0f62e0ffc9ebd592 (echoed)
;; QUESTION SECTION:
;ichnaea.netflix.com. IN A

;; ANSWER SECTION:
ichnaea.netflix.com. 3600 IN A 0.0.0.0

;; Query time: 31 msec
;; SERVER: 94.140.14.14#53(94.140.14.14)
;; WHEN: śro sie 04 15:41:23 CEST 2021
;; MSG SIZE rcvd: 76


Right now I have added rebind domain exceptions in the DNS service on my router (DNSMasq); however, this is not a solution. Please fix the configuration on your side and prevent returning 0.0.0.0 in the A field.

At this moment, after a few days of collecting information, I have the below list of domains returning 0.0.0.0, and it is growing every day...

list rebind_domain '4f099b5c3b772c4f24cd47b3c8e18150.clo.footprintdns.com'
list rebind_domain 'ads.samsungads.com'
list rebind_domain 'analyticsnew.overwolf.com'
list rebind_domain 'api.adinplay.com'
list rebind_domain 'browser.pipe.aria.microsoft.com'
list rebind_domain 'mc.yandex.ru'
list rebind_domain 'www.google-analytics.com'
list rebind_domain 'config.uca.cloud.unity3d.com'
list rebind_domain 'g.live.com'
list rebind_domain 'ichnaea.netflix.com'
list rebind_domain 'ad.doubleclick.net'
list rebind_domain 'pagead2.googlesyndication.com'
list rebind_domain 'googleads.g.doubleclick.net'
list rebind_domain 'securepubads.g.doubleclick.net'


Please fix it.

PS. More logs and details can be found under the link below (PL only)


BR, Krzysiek
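
One way to triage these warnings, as an added example that is not part of the original post: it pairs dnsmasq rebind warnings with A records in dig's answer format and separates 0.0.0.0 blocklist answers from answers that point into internal ranges. The internal range list, the verdict names and the sample lines beyond those quoted in the post are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Warning format as quoted in the post's router log.
WARN_RE = re.compile(r"dnsmasq\[\d+\]: possible DNS-rebind attack detected: (\S+)")
# A-record line from a dig ANSWER SECTION: "name. TTL IN A address".
ANSWER_RE = re.compile(r"^(\S+?)\.?\s+\d+\s+IN\s+A\s+(\S+)[ \t]*$", re.MULTILINE)
# Assumption: ranges counted as "internal" for this triage.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16", "127.0.0.0/8")]

def classify(addr):
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:
        return "sinkhole"   # 0.0.0.0, the answer shown in the post
    if any(ip in net for net in INTERNAL_NETS):
        return "internal"   # the case rebind protection exists to catch
    return "public"

def warned_domains(log_text):
    """Count rebind warnings per domain."""
    return Counter(m.group(1).lower() for m in WARN_RE.finditer(log_text))

def triage(log_text, dig_text):
    """Give each warned domain a verdict from the upstream's A records."""
    answers = {}
    for name, addr in ANSWER_RE.findall(dig_text):
        answers.setdefault(name.lower(), set()).add(classify(addr))
    verdicts = {}
    for domain in warned_domains(log_text):
        kinds = answers.get(domain, set())
        if "internal" in kinds:
            verdicts[domain] = "investigate"
        elif kinds == {"sinkhole"}:
            verdicts[domain] = "blocklist-sinkhole"
        else:
            verdicts[domain] = "recheck" if kinds else "no-answer-data"
    return verdicts

# Constructed sample input; only the first log line and first answer come from the post.
SAMPLE_LOG = """\
Sun Aug 1 14:48:32 2021 daemon.warn dnsmasq[31252]: possible DNS-rebind attack detected: analyticsnew.overwolf.com
Sun Aug 1 14:49:10 2021 daemon.warn dnsmasq[31252]: possible DNS-rebind attack detected: ichnaea.netflix.com
Sun Aug 1 14:50:02 2021 daemon.warn dnsmasq[31252]: possible DNS-rebind attack detected: ichnaea.netflix.com
Sun Aug 1 14:51:47 2021 daemon.warn dnsmasq[31252]: possible DNS-rebind attack detected: portal.example.test
"""
SAMPLE_DIG = "ichnaea.netflix.com. 3600 IN A 0.0.0.0\nportal.example.test. 60 IN A 192.168.1.10\n"
if __name__ == "__main__":
    print(triage(SAMPLE_LOG, SAMPLE_DIG))
```

Only domains with the "blocklist-sinkhole" verdict are candidates for a `rebind_domain` exception; an "investigate" verdict means the upstream returned an internal address and the warning should be kept.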