Recommend:
Knowledge document #3565

The FRITZ!Repeater reports "Your [...] DNS rebind protection rejected your query for reasons of security"

The following error message is displayed when you try to use your own host name, domain name, or CNAME to access the FRITZ!Repeater or a device in the home network:

"Your FRITZ!Repeater's DNS rebind protection rejected your query for reasons of security.
The host header of your query is different from the name of the FRITZ!Repeater."

Cause

  • For security reasons, the FRITZ!Repeater blocks attempts from unfamiliar host names to access its user interface and devices in the home network. This is a security function of the FRITZ!Repeater to protect against so-called DNS rebinding attacks.

Note:All instructions on configuration and settings given in this guide refer to the latest FRITZ!OS for the FRITZ!Repeater.

1 Configuring exceptions for DNS rebind protection

  1. Click "Home Network" in the user interface of the FRITZ!Repeater.
  2. Click "Network" in the "Home Network" menu.
  3. Click on the "Network Settings" tab.
  4. Click "Additional Settings" in the section "LAN Settings" to display all of the settings.
  5. In the "Host name exceptions" field in the section "DNS Rebind Protection", enter the complete host name (the domain name plus subdomain) or CNAME for which DNS rebind protection should not apply.
  6. If you want to configure exceptions for several host names, enter each host name on a new line.

    Example:
    my-website.com
    my-company.com

  7. Click "Apply" to save the settings.

2 Restarting the FRITZ!Repeater

  1. Click "System" in the user interface of the FRITZ!Repeater.
  2. Click "Backup" in the "System" menu.
  3. Click on the "Restart" tab.
  4. Click the "Restart" button.
Language selection