My network has a fortinet fortigate 200F firewall and active directory running windows server 2019 (DHCP and DNS) and is connected to the Internet via two different ISPs (A and B) with their respective routers/modems configured for load balancing. There is also an external web server connected to the firewall (not in DMZ) and served by a static IP address provided by one of the ISPs (A). The ISP A router/modem is a netgate pfsense configured to use public IP1 for external connections and private IP2 for internal connections.
The network worked fine until a few months ago, when ISP A replaced its router/modem and the error started to appear: Potential DNS Rebind attack detected. Nothing was changed on my side except the software update, but the configuration remained the same. The problem is always present from the internal network (LAN) regardless of the operating system or browser used, but does not exist from the external network. In fact, if I use a VPN from the internal network, the problem disappears.
The strange thing is that the problem occurs randomly, i.e. it works fine for a few hours and then stops working for a few minutes, sometimes it works intermittently for a few minutes. When the network is not working properly, I found out via nslookup that the DNS is not resolving the URL properly: it provides the public IP IP1 instead of the private IP2.
Unfortunately, I do not have access to ISP A router/modem configuration. So I have limited ability to solve the problem. According to the documentation, the problem could be solved in several ways. The simplest:
Add your FQDN to the configuration.
System->Advanced
Alternate Hostnames
Probably, the best one is split DNS.
After contacting ISP A and reporting the problem, they replied that I have to make sure that I use their DNS as the main one so that the clients receive the private IP2 of the web server: URL -> private IP 2, not public IP 1.
I have rechecked my configuration (Fortinet, Active Directory, DNS, web server and client) several times, but have been unable to solve the problem. What can I do? I think there is a configuration error on ISP A router/modem.
Thank you
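The intermittent wrong answer described in the post (nslookup returning public IP1 instead of private IP2) is easiest to pin down by asking each resolver directly, in a loop, and recording whether it hands LAN clients a private or a public address. The script below is an added example and is not part of the original post or any vendor tool: it hand-builds a DNS A query, parses the answer section and classifies the result as RFC 1918 or public. The FQDN and the resolver addresses are placeholders to be replaced with the real AD DNS server, the ISP A router's LAN address and a public resolver.

```python
"""Split-DNS consistency check (added example, not from the post).

Queries one FQDN against several resolvers and reports, per resolver,
whether the A records returned are RFC 1918 (private) or public.
A resolver that returns the public address to LAN clients is the one
that needs a split-DNS override (or must not be handed out by DHCP).
"""
import socket
import struct
import ipaddress

# Placeholder values (assumed, not from the post): replace with the real ones.
FQDN = "www.example.com"
RESOLVERS = {
    "ad-dns": "192.168.1.10",   # Windows Server 2019 DNS (assumed address)
    "isp-a-router": "192.168.1.1",  # ISP A router/modem LAN side (assumed address)
    "public": "8.8.8.8",
}

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS A/IN query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(struct.pack("B", len(l)) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)


def _skip_name(buf: bytes, pos: int) -> int:
    """Return the offset just after a (possibly compressed) domain name."""
    while True:
        length = buf[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:  # compression pointer occupies two bytes
            return pos + 2
        pos += 1 + length


def parse_a_records(resp: bytes) -> list:
    """Extract every A record address from the answer section of a response."""
    _txid, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    pos = 12
    for _ in range(qd):                      # skip question entries
        pos = _skip_name(resp, pos) + 4      # QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        pos = _skip_name(resp, pos)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", resp[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:        # A record, IPv4
            addrs.append(socket.inet_ntoa(resp[pos:pos + 4]))
        pos += rdlen
    return addrs


def is_rfc1918(addr: str) -> bool:
    # Deliberately not ipaddress.is_private: that also flags documentation
    # ranges such as 203.0.113.0/24, which is not what "private IP2" means here.
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def classify(answers: dict) -> dict:
    """Map resolver label -> 'private', 'public', 'mixed' or 'none'."""
    out = {}
    for label, addrs in answers.items():
        kinds = {is_rfc1918(a) for a in addrs}
        if not kinds:
            out[label] = "none"
        elif kinds == {True}:
            out[label] = "private"
        elif kinds == {False}:
            out[label] = "public"
        else:
            out[label] = "mixed"
    return out


def query(resolver: str, name: str, timeout: float = 2.0) -> list:
    """Send the query over UDP/53 and return the A addresses in the reply."""
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (resolver, 53))
        resp, _ = s.recvfrom(512)
    if resp[:2] != q[:2]:
        raise ValueError("transaction id mismatch")
    return parse_a_records(resp)


if __name__ == "__main__":
    results = {}
    for label, ip in RESOLVERS.items():
        try:
            results[label] = query(ip, FQDN)
        except (OSError, ValueError) as exc:
            results[label] = []
            print(f"{label} ({ip}): error: {exc}")
    for label, kind in classify(results).items():
        print(f"{label}: {results[label]} -> {kind}")
```

Run it from a LAN client every minute (for example under `watch`) while the problem is present and compare the rows: if the AD DNS server answers "private" but the ISP A router answers "public", the clients that got the router as a resolver from DHCP are the ones that break, which is the split-DNS case the documentation refers to.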
