cancel
Showing results for 
Search instead for 
Did you mean: 
1

Ask

2

Reply

3

Solution

Please give us the option to disable DNS rebind protection (or whitelist addresses)

ConcreteLlama
3: Seeker
3: Seeker

So I have the VOX 3.0 (THG300G) router, got it a while ago. Generally seems fine but some things just do not work with it on my local network, and it is entirely due to DNS rebind protection, which the previous router didn't have. This is a security feature, which is great, but it prevents some HTTPS services I run on my local network from working.

Examples include:

  • The GUI for unRAID. The workaround for this is to enter https://<ip address> to get to it but it's not an ideal solution
  • Some Plex clients cannot connect to the Plex server
  • I hear it can also cause problems with things like Pi-Hole

The proposed workaround I heard for this was to either

  • Get my own router and modem (which.. yeah, that would give me a lot of flexibility but then I have to buy a separate router and modem - the latter because for some inexplicable reason, the router provided can't be switched to modem only mode)
  • Setup my own DNS and DHCP servers with some software like dnsmasq, which would be great but I see no option in the router to change the DHCP server address, just to disable the DHCP server. Which would work but then I'd have to manually configure all my devices (and there are a lot, not all of which are particularly easy to change the settings for)

So are there any other workarounds for this? And Vodafone, could you please add in the option to just disable DNS rebind protection? I totally get why it's there, but it's really getting in the way. The only viable workaround I have right now is to do the following:

 

  1. Disconnect the current router
  2. Connect the old Vodafone router and use that instead as it actually works

Not everyone has that option though, especially if they've just moved to Vodafone. Plus I'd rather be using newer, better equipment.

3 REPLIES 3

mshahat
3: Seeker
3: Seeker

this is a deal breaker for me, i moved to vodafone 2 days ago, i am moving out soon , waiting to have a call with their tech 3 team, if i can't be promised a solution in a few days , i am out ... i don't wnat to invest into any other solutions too ...  

Anonymous
Not applicable

I stayed stumm on this for a while hoping someone else could give you better news!

 

The VF modem routers like those of various other ISPs are really out there for the average user who just wants to stream, browse, and play on social media.  So as soon as you have devices that you want to access externally or even internal media servers, you are trying to go beyond the abilities of hardware (and often the support staff).  The only solution is to have your own modem+router - though I'd still suggest going for something that is not too uncommon (ie not pfsense if you can avoid it).

 

Specifics:

PLEX - IMHO since trying squeeze as much revenue as they can from the platform they've really messed it up - even for those who have paid for services from them!

PiHole (and Diversion) - I can confirm first-hand that PiHole has issues with DNS Rebind protection. 

 

Using the old router:  The means this uses to identify you to the network may mean that it could just stop working, and then you've a different set of issues related to the poor firmware of the old router!

 

The tech team 3 solution: Realistically you need a fix for this now, not in 3 - 6 months or possibly never.  I would be wary though of moving to another ISP and ending up in the exact same situation!

 

As I said at the beginning I wish I had better news, so all I can say for now is good luck in however you attempt to fix this!

Yeah I figure this is likely the case. The only reason I'm using the VF router is that I used to have issues with a separate modem/router combo I used (specifically on Vodafone) so sold them and decided the VF kit was "good enough". And for the most part, it was. Until I got this new router which is, again, mostly fine but has this DNS rebind protection issue. Funnily enough it actually works fine with services on my network I want to access externally, just not local HTTPS connections due to the way the certs work.

 

If I were to replace the kit I'd probably just search these forums for modems people have used and pick my own router, as once you're connected to VF the router side is more of a personal preference thing (as long as it has the features you want). I really like the look of DumaOS routers but there aren't a lot of them around. Either way, I'd rather not have to invest in other kit and I can't imagine it would be particularly difficult to add a rebind protection switch, but I get that it's not very likely to happen. Oh well I guess I can use all that money I'm saving by being on Vodafone to buy some better kit!

 

I agreee about Plex, to some degree. I still think it's great but I have noticed some odd quirks recently. I did switch to Emby for a while, which I thought was fantastic but there was some issue with it, and I've completely forgotten the specifics of it now so maybe it's time to try it again!