tmchow Posted January 14, 2018
I’m trying to provision a cert using the new integration with Let’s Encrypt in 6.4.0. However, when I try to provision it through the UI, I get the error “Your router or DNS provider has DNS rebinding protection enabled...”. For my router, I have a Ubiquiti Unifi Security Gateway Pro, and from what I can tell on the Ubiquiti forums, DNS rebinding protection is not enabled by default since so many people are asking for this ability. My DNS provider is set up hard-coded in the Unraid settings to be Google. What could be wrong?
bonienl Posted January 14, 2018
Enable HELP in the GUI. USG router doesn't allow rebinding and you need to set an exception.
meoge Posted January 16, 2018
I'm going to piggyback on this one. I'm getting the same error and my router isn't listed in the help. I've got a Netgear N600 and I don't see any settings related to rebinding. I've got DNS set to Google so it must be something in the router, correct?
Tophicles Posted January 16, 2018
I'm chiming in too, I have a TP-LINK c5400 and I see nothing in there...
luigi408 Posted January 16, 2018
I have an ASUS router, I am having the same problem when I did provision. My router does my DDNS and updates my dynamic IP to my Domain site. I'm not sure if that is contributing to this same error. I will try to update to Google DNS though like it says in the Help menu. Thanks.
ljm42 Posted January 16, 2018
Wait 10 minutes and try again. In my experience, the DNS change did not propagate immediately. Not sure if that is because I use OpenDNS or something else.
robw83 Posted January 17, 2018
OpenDNS also has settings that block DNS rebinding attacks. You will need to disable that as well.
meoge Posted January 17, 2018
Well I tried again today just to check and it worked? I'm up and running with a Let's Encrypt cert. Thanks!
wayner Posted February 3, 2018
I have a USG router and I had to enter these commands. The way that I did it was via an ssh session to the USG where I did the following commands:

    configure
    set service dns forwarding options rebind-domain-ok=/unraid.net/
    commit
    save
    exit

And it seems to work. But this setting will not survive a reboot of the USG. Is this a command that just has to be done once for the initial config or will this have to be redone upon reboot? And if so then I guess I will have to add it to the json config file.
bonienl Posted February 3, 2018
To make it survive re-provisioning of your router, you will need to create config.gateway.json. See also Ubiquiti support

    {
      "service": {
        "dns": {
          "forwarding": {
            "options": [
              "rebind-domain-ok=/unraid.net/"
            ]
          }
        }
      }
    }
wayner Posted February 3, 2018
Thanks Bonienl - I will add that to my existing config.gateway.json file.
wayner Posted February 3, 2018
Oh, I forgot to ask initially - is there a way to enter this via the Unifi Controller software or does it have to be done via the CLI?
bonienl Posted February 3, 2018
You need to create (copy) the json file to the correct folder where Unifi is installed (usually under /appdata on your cache device).
wayner Posted February 3, 2018
20 minutes ago, bonienl said:

    You need to create (copy) the json file to the correct folder where Unifi is installed (usually under /appdata on your cache device).

Yes - I already have an existing config.gateway.json file to set up OpenVPN server on my USG. I was just wondering if it is possible to do this DNS forwarding option through the Controller software as Unifi keeps expanding the functionality available through the web UI.
ijuarez Posted March 12, 2018
What if you're using pfSense, but not the resolver but the forwarder? I've tried to add the custom options and it tells me they are invalid when I try to save. I am using the forwarder because I am using the AirVPN pfSense guide.

If you're using the DNS forwarder, add a domain override.

Edited March 12, 2018 by ijuarez: Solved.
kiwijunglist Posted June 25, 2023
On 2/4/2018 at 7:19 AM, bonienl said:

    To make it survive re-provisioning of your router, you will need to create config.gateway.json. See also Ubiquiti support

    {
      "service": {
        "dns": {
          "forwarding": {
            "options": [
              "rebind-domain-ok=/unraid.net/"
            ]
          }
        }
      }
    }

Just in case someone has trouble adding config.gateway.json: you need to place the folder inside \data\sites\your_site_name, e.g. for Unraid running the UniFi controller in Docker it would be "appdata\unifi-controller\data\sites\default".

If you don't have the \data\sites\ directory you need to create the folders by creating a "floor plan" in UniFi. Click Topology, then Floorplan, then Add floorplan. If you don't have the floor plan option in the GUI you need to enable the legacy GUI under Settings -> Advanced or something like that.

Then you can create the config.gateway.json file and you should be good to go. After creating / editing the file you need to run "force provision" to the USG in UniFi Devices > select the USG > Config > Manage Device > Force provision.

Hope that helps others.
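Added example, not part of the thread and not Unraid's or Ubiquiti's own code: a Python sketch that merges the rebind-domain-ok exception from the posts above into an existing config.gateway.json (the situation wayner describes) without dropping other settings, keeping the exception scoped to unraid.net. The sample file content, the handling of a bare-string "options" value and the function names are assumptions made for illustration.

```python
import copy
import json

REBIND_OPTION = "rebind-domain-ok=/unraid.net/"  # value quoted in the thread
OPTIONS_PATH = ("service", "dns", "forwarding")   # path used in bonienl's JSON


def add_rebind_exception(config, option=REBIND_OPTION):
    """Return a copy of config with option present under
    service.dns.forwarding.options, leaving every other key intact."""
    merged = copy.deepcopy(config)
    node = merged
    for key in OPTIONS_PATH:
        child = node.setdefault(key, {})
        if not isinstance(child, dict):
            raise ValueError(f"{key!r} is not an object; refusing to overwrite it")
        node = child
    options = node.get("options", [])
    if isinstance(options, str):  # assumption: a single value may be a bare string
        options = [options]
    if not isinstance(options, list):
        raise ValueError("'options' is neither a list nor a string")
    if option not in options:     # idempotent: never add the exception twice
        options.append(option)
    node["options"] = options
    return merged


def merge_text(existing_json, option=REBIND_OPTION):
    """Parse existing file content (may be empty), merge, and re-serialise."""
    config = json.loads(existing_json) if existing_json.strip() else {}
    if not isinstance(config, dict):
        raise ValueError("top level of config.gateway.json must be an object")
    return json.dumps(add_rebind_exception(config, option), indent=2) + "\n"


# Constructed sample: an existing file that already carries unrelated settings.
SAMPLE_EXISTING = """
{
  "interfaces": {"openvpn": {"vtun0": {"mode": "server"}}},
  "service": {"dns": {"forwarding": {"options": ["server=192.0.2.53"]}}}
}
"""

if __name__ == "__main__":
    print(merge_text(SAMPLE_EXISTING))
```

json.loads raises on malformed input, so a broken file is caught before it is copied into the site folder and force-provisioned.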