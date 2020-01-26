Geekzone: technology news, blogs, forums
Spark Smart Modem (VRV9517) Plex DNS-rebind Issue


# 265543 26-Jan-2020 23:49
Hi all,

 

I am having an issue with the new spark smart modem (model VRV9517) and plex.  From googling and looking into the modem logs I can ascertain that its something to do with DNS-rebind attacks...  The log on the modem keeps coming up with an error message saying "Jan 26 23:35:13 VRV9517 daemon.warn dnsmasq[5106]: possible DNS-rebind attack detected: 192-168-1-80.(lots of letters and numbers).plex.direct"

 

When I do a NSlookup on the IP address it says the server name is smart.mesh... (I do not have any mesh setup) but it appears this is built into the modem....

 

No too much of a problem in theory, cos you should be able to add an exception for plex, however I am not able to locate where to do that... It appears that a work around would be to add the plex server to the DMZ, but surely there is a proper way to deal with it?

 

The issue that is being created is that INTERNAL users are getting indirect connections - remote seems to work fine.

 

Any thoughts or suggestions appreciated.

  # 2407275 26-Jan-2020 23:59
Do not add your Plex server to the DMZ. Forget about the DMZ. You're just opening yourself up to massive problems.

 

This is not something I tested when I had my unit. @hio77 may know more.




  # 2407276 27-Jan-2020 00:03
michaelmurfy:

 

Do not add your Plex server to the DMZ. Forget about the DMZ. You're just opening yourself up to massive problems.

 

This is not something I tested when I had my unit. @hio77 may know more.

 

 

 

 

Thanks, I didn't think DMZ was the right way to go, I did a bit of googling, but wasn't confident on this.

 
 
 
 


  # 2407278 27-Jan-2020 00:09
DNS rebind is where a FQDN resolves to RFC1918 local address space and this is supposed to be a security issue and the query response can be blocked, not sure why the application has been designed that way, not familiar with Plex sorry.

 

Vendor seems to be aware of it and offers some workarounds which may or may not be applicable to the Spark modem: https://support.plex.tv/articles/206225077-how-to-use-secure-server-connections/

