why can’t i browse locally to my server without authentication when using the server’s dns name?
https://gyazo.com/c3cb356db628f6999934f8ed12820c8a (dns resolves to the .9 ip)
https://gyazo.com/af880f07ac5c45bf15fcfc83feedd4a0
advanced settings have been set for years
local ip
resolve
Hi,
I have no screenshot but I have the same issue. After updating to version plexmediaserver_1.1.3.2700-6f64a8d_amd64.deb I can’t access plex (using DNS name) without authentication. My server is used only in local subnet. But, if I access using IP address it works.
I didn’t change anything in my settings since…2 years.
release notes of version 1.1.0
(Security) When server is signed in, clients must be signed in as well, even if they are on the LAN or on localhost. (#3819)
and see also release notes of version 1.1.3
IMPORTANT: With the security changes in version 1.1.0, if your Plex Media Server is signed in to a plex.tv account, then all of the apps you use must also be signed-in. If you use older apps that cannot authenticate (e.g. LG’s MediaLink app), you can add the IP address of the device to the following advanced preference: Settings > Server > Network > List of IP addresses and networks that are allowed without auth. (We strongly encourage apps to be signed in for improved security and enhanced functionality.)
the network settings have been there from day 1, again this issue is only based on DNS resolution, please read the post more closely
I’ve been using Plex Media Server for about 1 year without any problems. Rock solid performance.
Then THIS update comes…and all hell breaks loose.
Using Samsung SmartTV Plex app. Before the update it could discover my Plex Media Server, now it can’t unless I manually input my localhost IP, but it’s only temporary until I exit the app and come back. Then I have do to it again.
The “add the IP address of the device to the following advanced preference: Settings > Server > Network > List of IP addresses and networks that are allowed without auth” doesn’t fix anything. On my Plex Media Server PC, I can only access my Plex libraries if I log out of my account. If logged in, I have to authenticate every time I open plex just to see my local libraries.
Is there anyway to revert back to previous update?
Just figured out how to revert back to version 1.0.3.2461-35f0caa.
Everything now works fine. I don’t like this new direction Plex is taking, forcing people to log in, authenticate and forced online access required just to access local libraries. You have to think about old people using this, it shouldn’t be this complicated and I should not have delve into complex advanced network settings.
Please think of PC-illiterate people too!
@littlebill21 said:
the network settings have been there from day 1, again this issue is only based on DNS resolution, please read the post more closely
Sorry, my mistake!
I was told that it is intentional that DNS names which resolve as a local address are treated as non-local.
Among other reasons to help protect against Bouke van der Bijl type class of attacks.
are you a plex employee? is this confirmed? is there a workaround to this?
Cant connect to Plex TV app via Samsung Smart TV (2015) broke… 
folks these are separate issues, samsung guys should be making their own thread…
@littlebill21 said:
are you a plex employee?
I am a contractor.
is this confirmed?
Yes, this is info from the developers.
is there a workaround to this?
Not that I know of, currently.
OttoKerner is correct; this is a deliberate change to protect against a few types of attacks including cross-site request forgery and DNS rebinding. We’re working on a feature that adds the server’s own hostname (from uname -n) to the domain whitelist. For other custom domains, the server can’t tell if the domain belongs to you or to an attacker, so you’ll need to sign in.
For other custom domains, the server can’t tell if the domain belongs to you or to an attacker, so you’ll need to sign in.
And the IP address ?
gethostbyname(“my.domain.lan”);
Unfortunately, in those cases DNS rebinding attacks mean DNS resolution post-facto isn’t a valid test.
After updating I am not able to connect to my plex server at home either remotely via the android app nor via the web player.
what i did was go into rarflix/plex preferences (gear) - connect myPlex account (to access your shared sections and queue, link your Roku player to your myPlex account) with the plex.tv/pin with a pin “code” .
I just came across this issue myself.
What I found is that Plex doesn’t like it if you use a DNS alias. Works fine if you use it’s actual hostname.
Still annoying, but since I interact with my server mostly via the Andriod app, I don’t have that issue.
I also run a local BIND/DNS server for all my local services. This breaks the option of allowing local machines to sign in without authentication. Surely the server can see that the connection is to a local machine and be made to respond correctly, right? Are there any work-arounds today or plans to fix this?
