March 14, 2021
I'm trying to provision a certificate, and I'm getting the following error:
Sorry, an error occurred in processing your SSL certificate. The error is: Your router or DNS server has DNS rebinding protection enabled, preventing
The help message seems to show that I need to add a configuration line:
Ubiquiti USG router: you can add this configuration line: set service dns forwarding options rebind-domain-ok=/unraid.net/
and I've been reading that it seems like UDM Pro / UDM would not allow for configuration changes? Is this true? If this is possible, is there any documentation as to how to get this done? I've tried with SSH, and it doesn't seem to be working.
March 15, 2021
I don't have any experience with that router. If nobody else chimes in, you may need to google "routername dns rebind" and see if you can get details. If you have the option to disable it just for unraid.net, that would be best; then you can still have DNS rebind protection for everything else.
March 15, 2021
This might help you out. https://www.spxlabs.com/blog/2020/12/30/workaround-for-dns-rebinding-protection-on-the-udm-pro-and-unraid-ssl-provisioning
March 15, 2021
Configuration of Ubiquiti USG routers can be customized by the use of the "config.gateway.json" file, see this article of Ubiquiti. Unfortunately the UDM models don't support this feature. Seems there is no alternative atm.
For those interested, the following script can be used in config.gateway.json:

    {
      "service": {
        "dns": {
          "forwarding": {
            "options": ["rebind-domain-ok=/unraid.net/"]
          }
        }
      }
    }
March 15, 2021 (Author)
16 hours ago, tjb_altf4 said:
> This might help you out. https://www.spxlabs.com/blog/2020/12/30/workaround-for-dns-rebinding-protection-on-the-udm-pro-and-unraid-ssl-provisioning
I was reading that and unfortunately, I do not have pihole.
March 15, 2021
I'm connecting to my unRAID server remotely through my UDM Pro without any issues. I use NextDNS as my DNS provider and run their CLI client on the UDMP. Who is your DNS provider? That may well be the issue and not the UDMP. If it is indeed the UDMP just set up a NextDNS account and install the CLI client on your UDMP with this command:

    sh -c 'sh -c "$(curl -sL https://nextdns.io/install)"'
March 15, 2021
FWIW, I'm running two unRAID servers behind a UDMP right now with this working properly. I'm on 1.8.6 firmware. No DNS modifications, using ISP DNS. The first server worked right away when I set it up. The second one was giving me the same error as you yesterday but provisioned fine today.
March 16, 2021 (Author)
15 hours ago, sreknob said:
> FWIW, I'm running two unRAID servers behind a UDMP right now with this working properly. I'm on 1.8.6 firmware. No DNS modifications, using ISP DNS. The first server worked right away when I set it up. The second one was giving me the same error as you yesterday but provisioned fine today.
Oh weird, I tried it today after reading your comment, and it seems to work fine now...
March 26, 2021
On 3/16/2021 at 10:46 AM, takkkkkkk said:
> Oh weird, I tried it today after reading your comment, and it seems to work fine now...
Just setting up unraid 6.9 and am using the UDMPro, I am getting the same initial error message when provisioning the certificate. I saw the workaround using PiHole but I also am not using it. Any idea what fixed it for you? The UDM is on version 1.9.2 and network version 6.1.70.
March 27, 2021
18 hours ago, Minimushroomman said:
> Just setting up unraid 6.9 and am using the UDMPro, I am getting the same initial error message when provisioning the certificate. I saw the workaround using PiHole but I also am not using it. Any idea what fixed it for you? The UDM is on version 1.9.2 and network version 6.1.70.
Same weird thing, tried again today and it works! Not sure why lol.
April 9, 2021
This has me baffled. Wouldn't enabled DNS rebinding protection on a router prevent you from using Pi-Hole in the first place? I have this issue though, Pi-Hole does not help me.
April 12, 2021
1 hour ago, fredl said:
> I also have the same issue, my UDM-Pro is still on 1.8.5.2964.
What version of the networking software do you have? I'm currently running on 6.1.71, and was on 6.1.70 when I got it to work. It seemed like just trying again the next day worked for whatever reason, let us know if you can get it to work in the next ~24 hrs.
April 12, 2021
1 hour ago, Minimushroomman said:
> What version of the networking software do you have? I'm currently running on 6.1.71, and was on 6.1.70 when I got it to work. It seemed like just trying again the next day worked for whatever reason, let us know if you can get it to work in the next ~24 hrs.
Upgraded just the Network Controller and now it worked!
April 12, 2021
On 4/10/2021 at 12:32 AM, numblock699 said:
> This has me baffled. Wouldn't enabled DNS rebinding protection on a router prevent you from using Pi-Hole in the first place? I have this issue though, Pi-Hole does not help me.
Rebinding and name resolving are two different things. An analogy story. Say your contact to handle your money affairs is John. One day you need a face-to-face meeting to discuss a delicate matter with John. You go to the bank (name resolving) and upon arrival the receptionist says: "Sorry, John is unavailable now, I refer you to Jim instead" (rebinding). Now, it is up to you (the router) to allow this referral or not (do you trust Jim enough).
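Added example, not part of the thread and not Ubiquiti's or dnsmasq's code: a Python model of the decision a rebinding filter makes on an upstream answer, and of how the rebind-domain-ok=/unraid.net/ option quoted earlier exempts one domain while everything else stays protected. The function names, the list of internal ranges, and the sample hostnames and addresses are assumptions constructed for illustration.

```python
import ipaddress

# Address ranges this model treats as internal (RFC 1918, loopback, link-local).
# Assumption for the example; a real resolver's list may differ.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]


def parse_rebind_ok(option):
    """Parse 'rebind-domain-ok=/a.example/b.example/' into a set of domains."""
    key, _, value = option.partition("=")
    if key.strip() != "rebind-domain-ok":
        raise ValueError("not a rebind-domain-ok option: %r" % option)
    return {d.lower().rstrip(".") for d in value.split("/") if d}


def is_exempt(qname, ok_domains):
    """True if qname equals an exempt domain or is a subdomain of one."""
    name = qname.lower().rstrip(".")
    # Match on a label boundary so 'notunraid.net' is not treated as 'unraid.net'.
    return any(name == d or name.endswith("." + d) for d in ok_domains)


def filter_answer(qname, addresses, ok_domains=frozenset()):
    """Return (verdict, reason) for an upstream answer to qname."""
    internal = [a for a in addresses
                if any(ipaddress.ip_address(a) in n for n in INTERNAL_NETS)]
    if not internal:
        return ("pass", "all addresses are public")
    if is_exempt(qname, ok_domains):
        return ("pass", "internal address allowed by rebind-domain-ok")
    return ("drop", "possible DNS rebind: %s" % ", ".join(internal))


if __name__ == "__main__":
    ok = parse_rebind_ok("rebind-domain-ok=/unraid.net/")
    # Constructed sample answers: (queried name, addresses returned upstream).
    samples = [
        ("constructed-hash.unraid.net", ["192.168.1.50"]),
        ("notunraid.net", ["192.168.1.50"]),
        ("example.com", ["203.0.113.10"]),
    ]
    for qname, addrs in samples:
        print(qname, filter_answer(qname, addrs), filter_answer(qname, addrs, ok))
```

The name resolves upstream in every case; the filter only decides whether an answer pointing at an internal address is handed back to the client.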