BKTEK Posted February 7, 2022 Share Posted February 7, 2022 (edited) Hi, folks. It's my first post and I'm unsure of where this question belongs. It also appears that the choices of where I can post are limited (I'd have posted in the My Servers Support, but it wasn't available) Simple question: How concerned should I be using the My Servers app? I know there are some read/write problems they're working on, but I'd still like to use the remote access feature. Watching SpaceInvaderOne's video on the plugin, I also learned a little about DNS Rebinding attacks. Does turning off DNS Rebinding Protection open me up to other problems? Are there other solutions? How safe is my data and activity while accessing my server remotely? Thank you. Edited February 7, 2022 by BKTEK Quote Link to comment
ljm42 Posted February 8, 2022 Share Posted February 8, 2022 My Servers has several features, one of which is Remote Access. You can read about this and other features here: https://wiki.unraid.net/My_Servers Regarding Remote Access and DNS Rebinding... DNS Rebinding is a protection that prevents your system from resolving a real domain name to a private IP. If you want to use full and proper SSL on an private IP it has to be disabled. On high-end routers you can disable it for specific domains like unraid.net or plex.direct, on other routers it is an all-or-nothing switch. Our Remote Access solution requires an unraid.net certificate from Let's Encrypt. In Unraid 6.9.2 this means you also have to use an unraid.net certificate for local access, and thus you have to disable DNS rebinding. In Unraid 6.10 this is not a requirement and you can use an unraid.net certificate for Remote Access while using http or a self-signed certificate for Local Access (so no need to disable DNS rebinding) Please see this wiki page for more information: https://wiki.unraid.net/My_Servers#Configuring_Remote_Access_.28optional.29 As mentioned on that wiki, you need to have a complex root password. Unraid does have protections built in to guard against brute force attacks, but it won't help if your password is "password". Also from the wiki - Remote Access gives you access to the Unraid webgui. If you want access to docker containers or other devices on the network then you want to look at setting a WireGuard VPN instead: 2 Quote Link to comment
BKTEK Posted February 9, 2022 Author Share Posted February 9, 2022 Thank you @squid and @ljm42. I'm in the market for a new router anyway - do you have any suggestions? Or maybe these features are available in DD-WRT or Tomato... Quote Link to comment
ljm42 Posted February 9, 2022 Share Posted February 9, 2022 I'm pretty sure that pfSense, OPNsense, and Unifi products allow you to disable DNS Rebinding protection for specific domains. I'm not sure about others, you'd want to Google "[brand] disable dns rebinding" Quote Link to comment
BKTEK Posted February 9, 2022 Author Share Posted February 9, 2022 16 minutes ago, ljm42 said: I'm pretty sure that pfSense, OPNsense, and Unifi products allow you to disable DNS Rebinding protection for specific domains. I'm not sure about others, you'd want to Google "[brand] disable dns rebinding" Thank you again for the info. I've been endeavoring to install Wireshark. It's one of those things where you open a can of worms. I have no idea what I even started with via SpaceInvaderOne's videos but each thing led to different thing I wanted to do until I had a laundry list of things to set up. I need to itemize the list, organize by order of practicality/importance, and then go from there. But setting up DuckDNS, PFSense, and Wireshark seem like VERY high priorities now. Thank you all again for the help. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.