Unblocking Private IPs from Public DNS under PFSense
My home network has a domain name, so I don’t have to remember all the IP addresses of my various servers. However, I publish all the DNS information using AWS Route 53 since $0.50/month is much more palatable to me than running BIND. This works flawlessly until you get a firewall like PFsense that blocks all DNS responses for private IP address blocks (e.g. 192.168.x, 10.x, 172.16.x). Fortunately, it’s very easy to fix this under PFsense.
- Login to PFSense
- Check “Disable DNS Rebinding Checks”
Keep in mind that this is a security function you are disabling. This feature helps mitigate DNS Rebinding Attacks, so you should read more to understand the implications of such. You can also allow private IP resolution on a domain-by-domain basis per the PFSense docs. Personally, I prefer to use OpenDNS resolvers as they have better protection over DNS Rebinding and just about every other type of attack out there.