Unrecognized domain / IP when connecting to fqdn

So I’ve been having this issue for a while now and can’t quite seem to understand it. The following addresses work in a browser:

https://192.168.1.151/web/index.html
https://plex/web/index.html

The fqdn does not:

https://plex.server.tld/web/index.html

Since it treats this as non-local, I run into issues with requiring the login locally when using the fqdn in a browser. If I don’t use the fqdn then my custom cert spits out errors. Does anybody know of a fix for this, or am I missing something that I should be doing here? It seems like Plex does not allow a fqdn in the header of the browser request.

– Log Snippet –

Server Version#: plexmediaserver_1.18.7.2457-77cb9455c_amd64

Mar 15, 2020 18:24:15.495 [0x7f985ab37700] VERBOSE - Comparing request from 192.168.1.75 against 192.168.1.0/255.255.255.0

Mar 15, 2020 18:24:15.495 [0x7f985ab37700] DEBUG - Request came in with unrecognized domain / IP ‘plex.server.tld’ in header Host; treating as non-local

Mar 15, 2020 18:24:15.495 [0x7f985a336700] DEBUG - Request: [192.168.1.75:55856 (Allowed Network (Subnet))] GET /web/common/img/backgrounds/preset-dark2.6d2c8336496f761f38de8558a2b9709b.png (3 live) TLS GZIP Signed-in

Difficult to tell from a log snippet.

  1. You can’t force the host on one FQDN and have PMS use its own.
  2. PMS must know of the host FQDN (and cert) to work with it.

Settings - Server - Network - SHOW ADVANCED is where you will see the fields you need to fill in for PMS to recognize your FQDN and cert.

My apologies. I probably should have stated more information.

I have a dual dns structure. Local dns handles local 192. network and external dns handles everything outside the local network. The local dns resolves the plex server as the local IP. The host and the PMS are the same fqdn. I tried all the settings in network and nothing seems to work. The certificate works fine when connecting (I am using my own).

The issue I’m having is that it forces me to a plex.tv login vs bypassing the authentication on the local network because of the header being sent by the browser.

There was an old forum post about this same issue from 2016. Is this possibly impossible to do as protection against an attack?

Everything from 2016 has been grossly superseded since that date.

  1. The LAN must be RFC-1918 compliant or you ssh tunnel to set up the host even on LAN. Any publicly routable IP address is considered REMOTE. REMOTE IPs are prohibited from configuring.

  2. Newly enacted by the industry. “DNS rebinding protection” makes things a lot harder. It’s to thwart DNS hijacking.

  3. I use a local domain (XXX.LAN). To make this work, I needed to create a DNS rebinding exemption rule in the local DNS service to allow the overlay domain “plex.direct” to occupy the same space. On pfsense, it looks like this:

  4. You will likely need / want to add similar for your FQDN to start then also add the FQDN identification to Plex in “Settings - Server - Network - Show Advanced”.
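
A simplified model of the check the log lines in this thread point to, added here as an illustration and not Plex Media Server's own code: a request counts as local only when the source address is in the allowed subnet and the Host header is a name or address the server recognizes. The function names and the `KNOWN_NAMES` allow-list are assumptions; the addresses and host names are the ones quoted in the thread.

```python
import ipaddress

# Constructed values modelled on the thread's log lines; not Plex's real configuration.
LOCAL_NETS = [ipaddress.ip_network("192.168.1.0/255.255.255.0")]
KNOWN_NAMES = {"plex"}  # assumed allow-list of host names the server recognizes


def host_from_header(header: str) -> str:
    """Strip the port, IPv6 brackets, trailing dot and case from a Host header value."""
    value = header.strip()
    if value.startswith("["):                 # IPv6 literal such as [::1]:32400
        return value[1:value.find("]")].lower()
    if value.count(":") == 1:                 # name:port or IPv4:port
        value = value.rsplit(":", 1)[0]
    return value.rstrip(".").lower()


def in_local_net(addr: str) -> bool:
    """True when addr parses as an IP address inside one of LOCAL_NETS."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:                        # not an IP literal (a DNS name)
        return False
    return any(ip in net for net in LOCAL_NETS if ip.version == net.version)


def classify(client_ip: str, host_header: str, known_names=KNOWN_NAMES) -> str:
    """Return 'local' only when both the source address and the Host header are trusted."""
    if not in_local_net(client_ip):
        return "non-local"
    host = host_from_header(host_header)
    # An IP-literal Host inside the local subnet cannot come from a rebound DNS name.
    if in_local_net(host) or host in known_names:
        return "local"
    # A LAN client presenting an unknown name is what DNS rebinding looks like
    # from the server side, so the request gets no local-network trust.
    return "non-local"


if __name__ == "__main__":
    for host in ("192.168.1.151", "plex", "plex.server.tld", "PLEX.server.tld:443"):
        print(f"{host:22} -> {classify('192.168.1.75', host)}")
```

In this model, adding the FQDN to the recognized names is what moves `plex.server.tld` from non-local to local, which matches the advice to register the FQDN with the server.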
