6.4.0: Error trying to provision certificate (“Your router or DNS provider has DNS rebinding protection enabled”)


tmchow


I’m trying to provision a cert using the new integration with Let’s Encrypt in 6.4.0.

 

However, when I try to provision it through the UI, I get the error “Your router or DNS provider has DNS rebinding protection enabled...”.

 

For my router, I have a Ubiquiti Unifi Security Gateway Pro, and from what I can tell on the Ubiquiti forums, DNS rebinding protection is not enabled by default since so many people are asking for this ability.

 

My DNS provider is set up hard-coded in the Unraid settings to be Google.

 

What could be wrong?

  • 3 weeks later...

I have a USG router and I had to enter these commands.  The way that I did it was via an ssh session to the USG where I did the following commands:
 

configure
set service dns forwarding options rebind-domain-ok=/unraid.net/
commit
save
exit

And it seems to work.  But this setting will not survive a reboot of the USG.  Is this a command that just has to be done once for the initial config or will this have to be redone upon reboot?  And if so then I guess I will have to add it to the json config file.

20 minutes ago, bonienl said:

You need to create (copy) the json file to the correct folder where Unifi is installed (usually under /appdata on your cache device).

 

Yes - I already have an existing config.gateway.json file to set up OpenVPN server on my USG.   I was just wondering if it is possible to do this DNS forwarding option through the Controller software as Unifi keeps expanding the functionality available through the web UI.

  • 1 month later...

What if you're using pfSense, but not the resolver but the forwarder? I've tried to add the custom options and it tells me they are invalid when I try to save.

 

I am using the forwarder because I am using the AirVPN pfSense guide.

 

If you're using the DNS forwarder, add a domain override.

 

 


Edited by ijuarez
Solved.
  • 5 years later...
On 2/4/2018 at 7:19 AM, bonienl said:

To make it survive re-provisioning of your router, you will need to create config.gateway.json. See also Ubiquiti support

{
  "service": {
    "dns": {
      "forwarding": {
        "options": [
          "rebind-domain-ok=/unraid.net/"
        ]
      }
    }
  }
}

 


Just in case someone has trouble adding config.gateway.json

 

You need to place the folder inside \data\sites\your_site_name

e.g. for Unraid running the UniFi controller in Docker it would be "appdata\unifi-controller\data\sites\default"

 

If you don't have the \data\sites\ directory, you need to create the folders by creating a "floor plan" in UniFi.  Click topology, then floorplan, then add floorplan.  If you don't have the floor plan option in the GUI, you need to enable the legacy GUI under settings -> advanced or something like that.

 

Then you can create the config.gateway.json file and you should be good to go.

 

After creating / editing the file you need to run "force provision" to the USG in UniFi Devices > select the USG > Config > Manage Device > Force provision.

 

Hope that helps others.

 

Edited by kiwijunglist
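
For the case raised earlier in the thread, where a config.gateway.json already exists (for OpenVPN), the DNS fragment has to be merged into that file rather than replace it. The Python below is an added example, not code from any poster or from Ubiquiti: it merges the quoted fragment into an existing file's text and lists which domains end up exempt from rebinding protection. The function names and `SAMPLE_EXISTING` are constructed for illustration.

```python
import copy
import json

# Fragment quoted in the thread: exempts only unraid.net from rebinding protection.
REBIND_FRAGMENT = {"service": {"dns": {"forwarding": {
    "options": ["rebind-domain-ok=/unraid.net/"]}}}}

# Constructed stand-in for an existing config.gateway.json (not a real export).
SAMPLE_EXISTING = """{
  "interfaces": {"openvpn": {"vtun0": {"mode": "server"}}},
  "service": {"dns": {"forwarding": {"options": ["all-servers"]}}}
}"""


def deep_merge(base, extra):
    """Merge extra into a copy of base: dicts recurse, lists gain missing items."""
    merged = copy.deepcopy(base)
    for key, value in extra.items():
        if key not in merged:
            merged[key] = copy.deepcopy(value)
        elif isinstance(value, dict) and isinstance(merged[key], dict):
            merged[key] = deep_merge(merged[key], value)
        elif isinstance(value, list) and isinstance(merged[key], list):
            merged[key] += [item for item in value if item not in merged[key]]
        else:
            raise ValueError(f"type conflict at key {key!r}; merge by hand")
    return merged


def add_rebind_exemption(existing_text):
    """Return new file text; json.loads rejects a malformed existing file."""
    merged = deep_merge(json.loads(existing_text), REBIND_FRAGMENT)
    return json.dumps(merged, indent=2) + "\n"


def rebind_exemptions(config):
    """List every domain the config exempts from DNS rebinding protection."""
    forwarding = config.get("service", {}).get("dns", {}).get("forwarding", {})
    domains = []
    for option in forwarding.get("options", []):
        if option.startswith("rebind-domain-ok="):
            domains += [d for d in option.split("=", 1)[1].split("/") if d]
    return domains


if __name__ == "__main__":
    new_text = add_rebind_exemption(SAMPLE_EXISTING)
    print(new_text, end="")
    print("exempted domains:", rebind_exemptions(json.loads(new_text)))
```

Checking the `rebind_exemptions` output before a force provision confirms that only the intended domain is exempt and that rebinding protection stays on for everything else.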