DNS Rebinding issue

I’m about to pull my hair out on this DNS rebinding issue. …or at least, I assume it’s a rebinding issue.

Blah, blah… clients can’t connect to PMS securely on the local network, but can via insecure connections, etc. etc…

All my googling says it’s a rebind issue and gives limited information on fixing it based on very limited DNS setups. Most of the posts in Google land just say “fix it on your router” and nothing actually helpful.

So here’s where my setup gets different and why I don’t even know what to look at to try to fix this.

I’m running Windows Server 2012 for DHCP and DNS (Essentials domain network). Non-local domains are forwarded to OpenDNS for resolution. No DNS requests ever hit my routers. Yes, I said routers, because I have two internet connections because I live in the sticks where AT&T thinks no one cares about the internet and won’t bring a decent speed connection to us… so two connections to split the load (DHCP assigns separate gateways depending on how I configure each client’s reservation and which internet link I want each client to use).

My routers are also sitting behind the AT&T router/modems… so yay… double NAT setup too. (Side note, I can double port forward and get remote connections working just fine, but I have remote connections turned off in PMS because I never need Plex outside the network and don’t need extra holes in my firewalls that aren’t necessary).

So back to the DNS rebind. Nothing will connect via secure channel (all Roku clients). I have to manually set each Roku to use insecure connections. I really want to remove this step so plugging in a new client just works… (You know, Wife acceptance factor and everything).

So how should I resolve this… Would adding a custom forward lookup domain to the DNS servers and redirecting *.plex.direct to my PMS fix this, or would redirecting EVERYTHING under the plex.direct domain break other stuff? Is there something that still needs to be changed at the routers (Asus RT-AC68w and Linksys E1000, if it matters)? Or something that needs to be changed on the AT&T routers?

Should I just give up and go get a drink and avoid the wife?

Edit to add… I ran DNS lookups on my IPAddress.longkeystuff.plex.direct and get the common OpenDNS “has blocked this malware attack” redirect. I know I can turn off Local address filtering at OpenDNS, but I don’t want to turn it off completely and can’t see how to turn it off for just the plex.direct domain at OpenDNS, so if someone knows how to do that, that would be great.

Edit to my edit… Whitelisted plex.direct at OpenDNS and it seems to be working for my computer now. Will have to check the Roku clients as DNS caches time out and update.

Well you could look at the following utility from Steve Gibson.

A unique, comprehensive, accurate & free Windows (and Linux/Wine) utility to determine the exact performance of local and remote DNS nameservers . . .

https://www.grc.com/dns/benchmark.htm

I have found a lot of ISP and public DNS faulted in different localities. It’s best to obtain the quickest, most accurate and reliable service. This test can take a while, like up to a couple of hours, as it thoroughly checks numerous times for the best suggested DNS. These DNS addresses are at computer level and not at the router; some other hardware like smart TVs and game consoles can be altered as well.

Add plex.tv as well to be sure.

Posting back with an update. It seems that white-listing the plex.direct domain on OpenDNS was all that I needed to do. After the last few days of near pulling my hair out with all this, it turned out to be that simple. sigh.

2 Likes
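A way to confirm the diagnosis reached in this thread before and after whitelisting, as an added example that is not from any poster or from Plex. It assumes plex.direct names carry the server address in the first label with dashes in place of dots (the thread only shows `IPAddress.longkeystuff.plex.direct`); the host name and answers below are constructed samples.

```python
import ipaddress
import socket

# RFC 1918, link-local and loopback ranges that rebinding filters strip.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "127.0.0.0/8")]

def is_local(ip):
    return any(ip in net for net in LOCAL_NETS)

def embedded_ip(hostname):
    """IP encoded in the first label (assumed form 192-168-1-10.<key>.plex.direct)."""
    label = hostname.split(".", 1)[0]
    try:
        return ipaddress.ip_address(label.replace("-", "."))
    except ValueError:
        return None

def classify(hostname, answers):
    """Compare a resolver's A records with the address the name encodes."""
    expected = embedded_ip(hostname)
    if expected is None:
        return "not-ip-encoded"
    if not answers:
        return "filtered-empty"      # resolver dropped the local answer
    got = {ipaddress.ip_address(a) for a in answers}
    if expected in got:
        return "ok"                  # secure connections can find the server
    if is_local(expected) and not any(is_local(a) for a in got):
        return "filtered-replaced"   # local answer swapped, e.g. for a block page
    return "mismatch"

def resolve(hostname):
    """A records as seen through the system resolver (empty list on failure)."""
    try:
        infos = socket.getaddrinfo(hostname, None, family=socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

# Constructed sample name; the middle label is a placeholder, not a real key.
SAMPLE = "192-168-1-10.0123456789abcdef.plex.direct"

if __name__ == "__main__":
    # Substitute the server's own plex.direct name to test the live resolver chain.
    print(SAMPLE, resolve(SAMPLE), classify(SAMPLE, resolve(SAMPLE)))
```

Run it on a client that uses the same DNS path as the Rokus; cached answers can keep an old result until they expire.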
