**********.unraid.net not working, showing "ERR_NAME_NOT_RESOLVED"


mihcox

Recommended Posts

I am jumping in here with a suggestion.   Turn on the 'Help' for this page   ('?'-in-a-circle icon at the right side of the toolbar at the top of the page.) 

 

Now, look the Help material at the bottom of the page.  Read the material following these statements: 

Quote

Note: Provision may fail if your router or upstream DNS server has DNS rebinding protection enabled. DNS rebinding protection prevents DNS from resolving a private IP network range. DNS rebinding protection is meant as a security feature on a local LAN which includes legacy devices with buggy/insecure "web" interfaces.

 

This was a big issue when SSL/TLS was first implemented into Unraid.  (Problem is I can't remember what the error messages were.)  While the solution for many of the routers that enable rebinding protections by default are included in the 'Help' information, it is quite possible that there are now a few more have implemented it as the default rather than being an option.  If you decided to increase router/dns_security, you could have enabled it while doing so. 

Edited by Frank1940
Link to comment
7 hours ago, Frank1940 said:

I am jumping in here with a suggestion.   Turn on the 'Help' for this page   ('?'-in-a-circle icon at the right side of the toolbar at the top of the page.) 

 

Now, look the Help material at the bottom of the page.  Read the material following these statements: 

 

This was a big issue when SSL/TLS was first implemented into Unraid.  (Problem is I can't remember what the error messages were.)  While the solution for many of the routers that enable rebinding protections by default are included in the 'Help' information, it is quite possible that there are now a few more have implemented it as the default rather than being an option.  If you decided to increase router/dns_security, you could have enabled it while doing so. 

 

I dont think thats it, im using a pihole and these are my router settings:

 

image.png.f92b929aca153e50f2b93b92e443f80d.png

 

https://192.xxx.xxx.xx is working though it is showing as "not secure"

Edited by mihcox
Link to comment

Please read my earlier post as I left out two words which completely change the meaning of that sentence! 

 

Regarding those settings.  I believe you are going to have to turn on the circled one so that the local request is redirected as shown below.

image.png.da578a9441ff9d00aae591235514b3cf.png

 

If that does not fix the problem, you could take pihole out of your configuration and see what happens.  (Or take your Unraid server off of the pihole service.)

Link to comment
13 hours ago, Frank1940 said:

Please read my earlier post as I left out two words which completely change the meaning of that sentence! 

 

Regarding those settings.  I believe you are going to have to turn on the circled one so that the local request is redirected as shown below.

image.png.da578a9441ff9d00aae591235514b3cf.png

 

If that does not fix the problem, you could take pihole out of your configuration and see what happens.  (Or take your Unraid server off of the pihole service.)

 

After doing that, i get the following error in IE when trying to load the page:

 

DLG_FLAGS_SEC_CERT_CN_INVALID

Link to comment
On 2/20/2021 at 9:09 PM, mihcox said:

I am unable to hit renew, which I believe would resolve this issue.

 

According to the screenshot, the certificate doesn't expire until Apr 2021, so renewing would not help.

 

What happens when you press "Update DNS"? Does it show that the correct IP address "has been updated for unraid.net"?

 

1 hour ago, mihcox said:

i get the following error in IE

 

Sorry, IE is not supported by the Unraid webgui. Please use a current version of Chrome or Firefox. Pretty sure a current version of Edge would work too.

Link to comment
1 hour ago, ljm42 said:

 

According to the screenshot, the certificate doesn't expire until Apr 2021, so renewing would not help.

 

What happens when you press "Update DNS"? Does it show that the correct IP address "has been updated for unraid.net"?

 

 

Sorry, IE is not supported by the Unraid webgui. Please use a current version of Chrome or Firefox. Pretty sure a current version of Edge would work too.

 

No issue, the same is true for chrome/firefox/edge as well. Just wanted to be clear, i can use https://192.168.xxx.xxx fine, but with the .unraid.net it will not load

 

image.png.17cdfc5f74323301378716fc5b4348bb.png

 

Chrome:

 

1.thumb.PNG.a8660cb10f64cac26ac57e8f7b3f5420.PNG

Link to comment

The Chrome error message shows that your client computer is unable to get an IP address for yourpersonalhash.unraid.net. The most likely cause is DNS Rebinding, although it could be some other local DNS problem.

 

On your client computer, go to a command prompt and type

ping rebindtest.unraid.net

 

If rebinding is NOT an issue you will see that address resolves to 192.168.42.42 (the ping will still fail, but what we are checking here is whether it can resolve to an IP address)

C:\>ping rebindtest.unraid.net

Pinging rebindtest.unraid.net [192.168.42.42] with 32 bytes of data:
Request timed out.

Ping statistics for 192.168.42.42:
    Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
Control-C
^C

 

This address has existed for months, so if it does not resolve to an IP address then it is unlikely to be a weird caching problem, it means *something* (either your pihole, your upstream DNS provider, your router, your ISP, perhaps even security software running on the client computer) has DNS rebinding protection that is preventing a valid FQDN from returning a non-routable IP address.

Link to comment
5 hours ago, ljm42 said:

The Chrome error message shows that your client computer is unable to get an IP address for yourpersonalhash.unraid.net. The most likely cause is DNS Rebinding, although it could be some other local DNS problem.

 

On your client computer, go to a command prompt and type


ping rebindtest.unraid.net

 

If rebinding is NOT an issue you will see that address resolves to 192.168.42.42 (the ping will still fail, but what we are checking here is whether it can resolve to an IP address)


C:\>ping rebindtest.unraid.net

Pinging rebindtest.unraid.net [192.168.42.42] with 32 bytes of data:
Request timed out.

Ping statistics for 192.168.42.42:
    Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
Control-C
^C

 

This address has existed for months, so if it does not resolve to an IP address then it is unlikely to be a weird caching problem, it means *something* (either your pihole, your upstream DNS provider, your router, your ISP, perhaps even security software running on the client computer) has DNS rebinding protection that is preventing a valid FQDN from returning a non-routable IP address.

 

After trial and error based on what you provided, the unbound server I was using as a part of my pihole was blocking this flow. Pointing my dns back to google/cloudflare worked fine.

 

So other than disabling it so this works, is there a workaround? Otherwise how can I switch back to just using my local ip, instead of the unraidhash?

Link to comment
2 hours ago, mihcox said:

After trial and error based on what you provided, the unbound server I was using as a part of my pihole was blocking this flow. Pointing my dns back to google/cloudflare worked fine.

 

So other than disabling it so this works, is there a workaround?

 

A Google search for "unbound dns rebind protection" points to this:
  https://pfsense-docs.readthedocs.io/en/latest/dns/dns-rebinding-protections.html

Maybe that can get you started?

 

Another option would be to override the DDNS provided by unraid.net and hard-code your DNS server so that on your network, yourpersonalhash.unraid.net resolves to the correct IP. The downside is if you later change the IP but forget you setup this local DNS entry, it will be extremely hard to figure out why things aren't working.

 

2 hours ago, mihcox said:

Otherwise how can I switch back to just using my local ip, instead of the unraidhash?

 

On the Settings -> Management Access page, set "Use SSL/TLS" to "No". 

Link to comment
  • 6 months later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.