Certificate Provision Issue: DNS Rebinding in UDM Pro?


I'm trying to provision a certificate, and I'm getting the following error:

     

Sorry, an error occurred in processing your SSL certificate. The error is: Your router or DNS server has DNS rebinding protection enabled, preventing

 

The help message seems to show that I need to add a configuration line:

Ubiquiti USG router: you can add this configuration line:

set service dns forwarding options rebind-domain-ok=/unraid.net/

And I've been reading that it seems like UDM Pro / UDM would not allow for configuration changes? Is this true?

If this is possible, is there any documentation as to how to get this done? I've tried with SSH, and it doesn't seem to be working.

I don't have any experience with that router; if nobody else chimes in, you may need to google "routername dns rebind" and see if you can get details.

 

If you have the option to disable it just for unraid.net that would be best, then you can still have DNS rebind protection for everything else.

Configuration of Ubiquiti USG routers can be customized by the use of the "config.gateway.json" file, see this article of Ubiquiti.

Unfortunately the UDM models don't support this feature. Seems there is no alternative atm.

 

For those interested, the following script can be used in config.gateway.json

 

{
  "service": {
    "dns": {
      "forwarding": {
        "options": ["rebind-domain-ok=/unraid.net/"]
      }
    }
  }
}
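
As an added illustration (not part of the original posts, and not dnsmasq's own code), this simplified Python model shows how a `rebind-domain-ok` exemption scoped to unraid.net passes private-address answers for that domain only, while rebind protection still drops them for every other name. The hostnames, addresses and the list of internal ranges are constructed assumptions for the example.

```python
import ipaddress

# Simplified model of a DNS forwarder's rebind filter; not dnsmasq source.
# The set of "internal" ranges below is an assumption for this sketch.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "fe80::/10",
)]

def parse_rebind_ok(option):
    """Return the domains listed in 'rebind-domain-ok=/a.example/b.example/'."""
    key, _, value = option.partition("=")
    if key.strip() != "rebind-domain-ok":
        return []
    return [d.lower().rstrip(".") for d in value.split("/") if d]

def domain_exempt(qname, ok_domains):
    """Match on whole labels: x.unraid.net is exempt, notunraid.net is not."""
    name = qname.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in ok_domains)

def is_internal(addr):
    """True for private, loopback and link-local answers (incl. IPv4-mapped)."""
    ip = ipaddress.ip_address(addr)
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    return any(ip in net for net in INTERNAL_NETS)

def filter_answer(qname, addresses, options):
    """Decide whether the forwarder passes an upstream answer to the client."""
    ok_domains = [d for opt in options for d in parse_rebind_ok(opt)]
    if domain_exempt(qname, ok_domains):
        return "forward"          # exemption applies to this domain only
    if any(is_internal(a) for a in addresses):
        return "drop"             # rebind protection still active elsewhere
    return "forward"

if __name__ == "__main__":
    options = ["rebind-domain-ok=/unraid.net/"]   # option string from the thread
    # Constructed sample answers: (query name, upstream A/AAAA records)
    samples = [
        ("examplehash.unraid.net", ["192.168.1.10"]),
        ("notunraid.net", ["10.0.0.5"]),
        ("other.example", ["::ffff:192.168.1.1"]),
        ("public.example", ["93.184.216.34"]),
    ]
    for qname, addrs in samples:
        print(f"{qname:26} {addrs} -> {filter_answer(qname, addrs, options)}")
```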

 

I'm connecting to my unRAID server remotely through my UDM Pro without any issues.  I use NextDNS as my DNS provider and run their CLI client on the UDMP.  Who is your DNS provider?  That may well be the issue and not the UDMP.  If it is indeed the UDMP just set up a NextDNS account and install the CLI client on your UDMP with this command:

sh -c 'sh -c "$(curl -sL https://nextdns.io/install)"'

 

Edited by boosting1bar

FWIW, I'm running two unRAID servers behind a UDMP right now with this working properly.

I'm on 1.8.6 firmware. No DNS modifications, using ISP DNS.

The first server worked right away when I set it up. The second one was giving me the same error as you yesterday but provisioned fine today.

15 hours ago, sreknob said:

FWIW, I'm running two unRAID servers behind a UDMP right now with this working properly.

I'm on 1.8.6 firmware. No DNS modifications, using ISP DNS.

The first server worked right away when I set it up. The second one was giving me the same error as you yesterday but provisioned fine today.

Oh weird, I tried it today after reading your comment, and it seems to work fine now...

  • 2 weeks later...
On 3/16/2021 at 10:46 AM, takkkkkkk said:

Oh weird, I tried it today after reading your comment, and it seems to work fine now...

Just setting up unraid 6.9 and am using the UDMPro, I am getting the same initial error message when provisioning the certificate. I saw the workaround using PiHole but I also am not using it. Any idea what fixed it for you? The UDM is on version 1.9.2 and network version 6.1.70.

18 hours ago, Minimushroomman said:

Just setting up unraid 6.9 and am using the UDMPro, I am getting the same initial error message when provisioning the certificate. I saw the workaround using PiHole but I also am not using it. Any idea what fixed it for you? The UDM is on version 1.9.2 and network version 6.1.70.

Same weird thing, tried again today and it works! Not sure why lol.

  • 2 weeks later...

This has me baffled. Wouldn't enabled DNS rebinding protection on a router prevent you from using Pi-Hole in the first place? I have this issue though, Pi-Hole does not help me.

 

I also have the same issue, my UDM-Pro is still on 1.8.5.2964.

1 hour ago, fredl said:

I also have the same issue, my UDM-Pro is still on 1.8.5.2964.

What version of the networking software do you have? I'm currently running on 6.1.71, and was on 6.1.70 when I got it to work. It seemed like just trying again the next day worked for whatever reason, let us know if you can get it to work in the next ~24 hrs.

1 hour ago, Minimushroomman said:

What version of the networking software do you have? I'm currently running on 6.1.71, and was on 6.1.70 when I got it to work. It seemed like just trying again the next day worked for whatever reason, let us know if you can get it to work in the next ~24 hrs.

Upgraded just the Network Controller and now it worked!

On 4/10/2021 at 12:32 AM, numblock699 said:

This has me baffled. Wouldn't enabled DNS rebinding protection on a router prevent you from using Pi-Hole in the first place? I have this issue though, Pi-Hole does not help me.

 

Rebinding and name resolving are two different things. An analogy story.

 

Say your contact to handle your money affairs is John. One day you need a face-to-face meeting to discuss a delicate matter with John.

 

You go to the bank (name resolving) and upon arrival the receptionist says: "Sorry, John is unavailable now, I refer you to Jim instead" (rebinding).

 

Now, it is up to you (the router) to allow this referral or not (do you trust Jim enough).

 

Archived

This topic is now archived and is closed to further replies.
