takkkkkkk Posted March 14, 2021

I'm trying to provision a certificate, and I'm getting the following error:

Sorry, an error occurred in processing your SSL certificate. The error is: Your router or DNS server has DNS rebinding protection enabled, preventing

The help message seems to show that I need to add a configuration line:

Ubiquiti USG router: you can add this configuration line: set service dns forwarding options rebind-domain-ok=/unraid.net/

and I've been reading that it seems like the UDM Pro / UDM would not allow for configuration changes? Is this true? If this is possible, is there any documentation as to how to get this done? I've tried with SSH, and it doesn't seem to be working.

ljm42 Posted March 15, 2021

I don't have any experience with that router. If nobody else chimes in, you may need to google "routername dns rebind" and see if you can get details. If you have the option to disable it just for unraid.net, that would be best; then you can still have DNS rebind protection for everything else.

tjb_altf4 Posted March 15, 2021

This might help you out.
https://www.spxlabs.com/blog/2020/12/30/workaround-for-dns-rebinding-protection-on-the-udm-pro-and-unraid-ssl-provisioning

bonienl Posted March 15, 2021

Configuration of Ubiquiti USG routers can be customized by the use of the "config.gateway.json" file, see this article of Ubiquiti. Unfortunately the UDM models don't support this feature. Seems there is no alternative atm.

For those interested, the following script can be used in config.gateway.json:

    {
      "service": {
        "dns": {
          "forwarding": {
            "options": ["rebind-domain-ok=/unraid.net/"]
          }
        }
      }
    }

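Added example, not part of bonienl's post and not Ubiquiti or Unraid code: a simplified Python model of how a rebinding filter treats upstream answers with and without the rebind-domain-ok exemption (a dnsmasq option) shown above. It assumes the forwarder drops any answer carrying a private-range address unless the name is under an exempt domain; the hostnames and addresses are constructed.

```python
import ipaddress

def parse_rebind_domain_ok(option):
    """Parse 'rebind-domain-ok=/a/b/' into a set of exempt domains."""
    key, _, value = option.partition("=")
    if key.strip() != "rebind-domain-ok":
        raise ValueError(f"not a rebind-domain-ok option: {option!r}")
    return {d.lower().rstrip(".") for d in value.split("/") if d}

def is_exempt(name, ok_domains):
    """Match the domain itself or a subdomain, only on a label boundary."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in ok_domains)

def filter_answer(name, addresses, ok_domains):
    """Assumed rule: drop an upstream answer that carries a private-range
    address unless the queried name falls under an exempt domain."""
    has_private = any(ipaddress.ip_address(a).is_private for a in addresses)
    if has_private and not is_exempt(name, ok_domains):
        return "blocked"
    return "passed"

# Constructed sample answers: (queried name, addresses returned upstream).
SAMPLES = [
    ("examplehash.unraid.net", ["192.168.1.50"]),  # LAN address, exempt domain
    ("tower.evilunraid.net", ["192.168.1.50"]),    # look-alike, not a subdomain
    ("www.example.org", ["1.1.1.1"]),              # public address
]

def run_samples(options):
    """Return {name: verdict} for SAMPLES under the given option lines."""
    ok = set()
    for opt in options:
        ok |= parse_rebind_domain_ok(opt)
    return {name: filter_answer(name, addrs, ok) for name, addrs in SAMPLES}

if __name__ == "__main__":
    for label, opts in [("protection only", []),
                        ("with exemption", ["rebind-domain-ok=/unraid.net/"])]:
        print(label, run_samples(opts))
```

The exemption only lifts the filter for names under unraid.net; the look-alike domain and every other name keep rebinding protection.
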
takkkkkkk Posted March 15, 2021 (Author)

16 hours ago, tjb_altf4 said:
> This might help you out.
> https://www.spxlabs.com/blog/2020/12/30/workaround-for-dns-rebinding-protection-on-the-udm-pro-and-unraid-ssl-provisioning

I was reading that and unfortunately, I do not have pihole..

boosting1bar Posted March 15, 2021

I'm connecting to my unRAID server remotely through my UDM Pro without any issues. I use NextDNS as my DNS provider and run their CLI client on the UDMP. Who is your DNS provider? That may well be the issue and not the UDMP. If it is indeed the UDMP just set up a NextDNS account and install the CLI client on your UDMP with this command:

    sh -c 'sh -c "$(curl -sL https://nextdns.io/install)"'

Edited March 15, 2021 by boosting1bar

sreknob Posted March 15, 2021

FWIW, I'm running two unRAID servers behind a UDMP right now with this working properly. I'm on 1.8.6 firmware. No DNS modifications, using ISP DNS. The first server worked right away when I set it up. The second one was giving me the same error as you yesterday but provisioned fine today.

takkkkkkk Posted March 16, 2021 (Author)

15 hours ago, sreknob said:
> FWIW, I'm running two unRAID servers behind a UDMP right now with this working properly. I'm on 1.8.6 firmware. No DNS modifications, using ISP DNS. The first server worked right away when I set it up. The second one was giving me the same error as you yesterday but provisioned fine today.

Oh weird, I tried it today after reading your comment, and it seems to work fine now...

Minimushroomman Posted March 26, 2021

On 3/16/2021 at 10:46 AM, takkkkkkk said:
> Oh weird, I tried it today after reading your comment, and it seems to work fine now...

Just setting up unraid 6.9 and am using the UDMPro, I am getting the same initial error message when provisioning the certificate. I saw the workaround using PiHole but I also am not using it. Any idea what fixed it for you? The UDM is on version 1.9.2 and network version 6.1.70.

Minimushroomman Posted March 27, 2021

18 hours ago, Minimushroomman said:
> Just setting up unraid 6.9 and am using the UDMPro, I am getting the same initial error message when provisioning the certificate. I saw the workaround using PiHole but I also am not using it. Any idea what fixed it for you? The UDM is on version 1.9.2 and network version 6.1.70.

Same weird thing, tried again today and it works! Not sure why lol.

numblock699 Posted April 9, 2021

This has me baffled. Wouldn't enabled DNS rebinding protection on a router prevent you from using Pi-Hole in the first place? I have this issue though, Pi-Hole does not help me.

fredl Posted April 12, 2021

I also have the same issue, my UDM-Pro is still on 1.8.5.2964.

Minimushroomman Posted April 12, 2021

1 hour ago, fredl said:
> I also have the same issue, my UDM-Pro is still on 1.8.5.2964.

What version of the networking software do you have? I'm currently running on 6.1.71, and was on 6.1.70 when I got it to work. It seemed like just trying again the next day worked for whatever reason, let us know if you can get it to work in the next ~24 hrs.

fredl Posted April 12, 2021

1 hour ago, Minimushroomman said:
> What version of the networking software do you have? I'm currently running on 6.1.71, and was on 6.1.70 when I got it to work. It seemed like just trying again the next day worked for whatever reason, let us know if you can get it to work in the next ~24 hrs.

Upgraded just the Network Controller and now it worked!

bonienl Posted April 12, 2021

On 4/10/2021 at 12:32 AM, numblock699 said:
> This has me baffled. Wouldn't enabled DNS rebinding protection on a router prevent you from using Pi-Hole in the first place? I have this issue though, Pi-Hole does not help me.

Rebinding and name resolving are two different things.

An analogy story.

Say your contact to handle your money affairs is John. One day you need a face-to-face meeting to discuss a delicate matter with John. You go to the bank (name resolving) and upon arrival the receptionist says: "Sorry John is unavailable now, I refer you to Jim instead" (rebinding).

Now, it is up to you (the router) to allow this referral or not (do you trust Jim enough).