No DNS resolution of private IP addresses
The FRITZ!Box cannot be used for DNS resolution of domain names that point to private IP addresses in the FRITZ!Box home network. As a result, the domain name cannot be used to access server services in the FRITZ!Box home network. One of the following error messages may be displayed:
- "DNS timed out"
- "DNS request timed out"
Example:
A computer in the FRITZ!Box home network (192.168.178.29) cannot access a web server in the same home network because the DNS query for this web server (my-domain.com) is answered with an IP address from the same home network (192.168.178.20).
Cause
- For security reasons, the FRITZ!Box suppresses DNS responses that refer to IP addresses in its own home network. This function protects against so-called DNS rebinding attacks.
Note: All instructions on configuration and settings given in this guide refer to the latest FRITZ!OS for the FRITZ!Box.
1 Configuring exceptions for DNS rebind protection
- Click "Home Network" in the FRITZ!Box user interface.
- Click "Home Network Overview" in the "Home Network" menu.
- Click on the "Network Settings" tab.
- In the "Domain name exceptions" field in the section "DNS Rebind Protection", enter the name of the domain for which DNS rebind protection should not apply. If the field is not displayed, enable the Advanced View first.
- If you want to configure exceptions for several domain names, enter each domain name on a new line.
Example:
my-domain.com
my_domain.dyndns.org
- Click "Apply" to save the settings.
2 Restarting the FRITZ!Box
- Click "System" in the FRITZ!Box user interface.
- Click "Backup" in the "System" menu.
- Click on the "Restart" tab.
- Click the "Restart" button.
Now DNS requests for domain names that are included in the list of exceptions will receive a response even if the DNS response points to an IP address in the FRITZ!Box home network.
Important: If you configure exceptions for DNS rebind protection in the FRITZ!Box, a firewall should be used on every computer in the home network.
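The filtering behaviour described in this guide, modelled as an added example; it is not AVM's code or the FRITZ!OS implementation, and all function names are hypothetical. Assumptions: the home network is 192.168.178.0/24, exceptions match the exact domain name only, and a response is dropped as a whole if any of its addresses lies in the home network. The handling of IPv4-mapped IPv6 answers goes beyond the case shown on this page.

```python
import ipaddress

# Assumption: /24 home network around the example addresses used in this guide.
HOME_NET = ipaddress.ip_network("192.168.178.0/24")

def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def parse_exceptions(field_text):
    """Parse the 'Domain name exceptions' field: one domain name per line."""
    return {normalize(line) for line in field_text.splitlines() if line.strip()}

def points_into(addr, network):
    """True if addr lies in network; IPv4-mapped IPv6 is unwrapped first."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:192.168.178.20 -> 192.168.178.20
    return ip.version == network.version and ip in network

def filter_response(name, addresses, exceptions, network=HOME_NET):
    """Return the addresses passed to the client; [] means suppressed."""
    if normalize(name) in exceptions:
        return list(addresses)  # excepted name: no rebind check is applied
    if any(points_into(a, network) for a in addresses):
        return []  # the client gets no answer and reports a DNS timeout
    return list(addresses)

if __name__ == "__main__":
    exceptions = parse_exceptions("my-domain.com\nmy_domain.dyndns.org\n")
    # Constructed sample responses: (queried name, answer addresses)
    samples = [
        ("my-domain.com", ["192.168.178.20"]),
        ("other.example", ["192.168.178.20"]),
        ("other.example", ["::ffff:192.168.178.20"]),
        ("other.example", ["203.0.113.10"]),
    ]
    for name, addrs in samples:
        print(name, addrs, "->", filter_response(name, addrs, exceptions) or "suppressed")
```

In this model an excepted name is passed through with any home network address, so each entry in the exception list removes the protection for that name entirely.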