FRITZ!Box 3490 Service - Knowledge Base
No DNS resolution of private IP addresses
The FRITZ!Box cannot be used for DNS resolution of domain names that point to private IP addresses in the FRITZ!Box home network. This means that the domain name cannot be used to access server services in the FRITZ!Box home network. One of the following error messages may be displayed:
- "DNS timed out"
- "DNS request timed out"
A computer in the FRITZ!Box home network (192.168.178.29) cannot access a web server in the same home network because the DNS request for this web server (my_domain.de) is answered with an IP address in the same home network (192.168.178.20).
- For security reasons, the FRITZ!Box suppresses DNS responses that refer to IP addresses in its own home network. This is a security function of the FRITZ!Box to protect against what are known as DNS rebinding attacks.
Note:The configuration procedure and notes on functions given in this guide refer to the latest FRITZ!OS for the FRITZ!Box.
1 Configuring exceptions for DNS rebind protection
- Click "Home Network" in the FRITZ!Box user interface.
- Click "Network" in the "Home Network" menu.
- Click on the "Network Settings" tab.
- In the "Domain name exceptions" field in the "DNS Rebind Protection" section, enter the complete domain name (with subdomain, if applicable) or CNAME for which DNS rebind protection should not apply. If the field is not displayed, enable the Advanced View first.
- If you want to define exceptions for several domain names, enter the domain names separated by a line break.
- Click "Apply" to save the settings.
2 Restarting the FRITZ!Box
- Click "System" in the FRITZ!Box user interface.
- Click "Backup" in the "System" menu.
- Click on the "Restart" tab.
- Click the "Restart" button.
Now DNS requests for domain names contained in the list of exceptions will receive a response even if the DNS response points to an IP address in the FRITZ!Box home network.
Important:If you configure exceptions for DNS rebind protection in the FRITZ!Box, you should use a firewall on every computer in the home network.