r/homelab

•

1 yr. ago

Cloudflare DNS pointed to internal IP Address safe???

Hi guys,

I've setup a small server at home with a few docker services running. I've setup Traefik Reverse Proxy to create local domains for them and only access them via my local network or over my Wireguard Tunnel from other devices.

I've noticed that I can resolve the DNS names with Cloudflare by adding my servers local IP address to the DNS records. Are there any security vulnerabilities with this setup?

Thanks 🙂

r/homelab - Cloudflare DNS pointed to internal IP Address safe???

monday_com

•

Promoted

The numbers don't lie - there's a reason why 10,000+ customers rate monday.com 5 stars and use it as their work management platform. It’s the #1 platform to efficiently manage your team, work, and processes. Try it now!

monday.com

Sort by:

Best

Open comment sort options

Best

Top

New

Controversial

Old

Q&A

Herobrine__Player

•

1y ago

Perfectly secure and might even confuse people that just ping everything to check for people with stuff open if they have a devices with that IP and it responds.

thefpspower

•

1y ago

Point mail.homelaburl.com to localhost and watch script kids brute force their own machines.

More replies

Nocterminalist

•

1y ago

Yeah that makes sense. I can only ping it if i'm on my LAN or wireguard tunnel. No ports are open and it's just used to resolve the domain names.

More replies

procheeseburger

•

1y ago

I've been using it for years.. its perfectly fine.

IllustriousBottle883

•

1y ago

It’ll be fine. One thing to be aware of is that some ISP routers will have DNS rebinding protection enabled that will block resolution of the entry (or any private IP as per RFC1918).

prisukamas

•

1y ago

not only ISP routers but also e.g. Google Wifi Home Router or any router running vanilla OpenWRT ....

atkinson137

•

1y ago

I've struggled with this so many times. Really frustrating and can be pretty hard to debug.

More replies

Mailstorm

•

1y ago

Home environment? Fine. Enterprise environment? Absolutely not

nomis_simon

•

1y ago

Why not in enterprise environment?

More replies

abrahamlitecoin

•

1y ago

Your internal caching DNS server should be configured to reject answers from public DNS servers with rfc1918 space in them due to the risk of DNS rebinding attacks: https://en.m.wikipedia.org/wiki/DNS_rebinding.

You can configure your DNS server to make an exception for your domain though, because you trust your own domain not to be hosting malware.

So yes, this is a perfectly valid configuration but the fact that this works out of the box means that your home network is not protected against DNS rebinding attacks.

Cloudflare DNS pointed to internal IP Address safe???

Is cloudflare dns (1.1.1.1) finally got blocked? any alternative?

What TLD to use for your internal dns/private/home setup!

Can a DNS block be bypassed?

Cloudflare Tunnels vs Tailscale to get around ISP's CGNAT

Cloudflare DNS vs Quad 9 DNS?

Is Cloudflare the best option for a private DNS?

Cloudflare DNS to local up

How to use Cloudflare's 1.1.1.1 DNS over TLS with Android P

How to "try local IP" before going through CloudFlare tunnel?

Cloudflare and UDP Connections

Where do I find my dns_record_id in Cloudflare?

Cloudflare DDNS: Automate Your DNS Updates

Set primary DNS to cloudflare 1.1.1.1 and secondary DNS to google 8.8.8.8. Good? Bad?

Alternatives to oznu/cloudflare-ddns for Cloudflare Dynamic DNS Updates

1.1.1.1 dns? safe + private

Can I use Tailscale and Cloudflare Tunnels concurrently?

How do I setup local DNS, reverse proxy, and cloudflare to work properly

Ngnix Proxy Manager and Cloudflare DNS Proxy Service - Match not to be made?

Ngnix Proxy Manager and Cloudflare DNS Proxy Service - Match not to be made?

Using WAN address of home server from LAN - traffic routed through ISP?

How does a cloudflare tunnel work, really?

Quad9 DNS: They are good and secure? Or it's better CloudFlare?

Is it possible to use public IPv6 address on the tailscale client?

Selfhosted DNS is annoying.

Cloudflare Tunnel, Reverse Proxy w/ DDNS to Cloudflare DNS or some other way? Which is the best?

Top Posts

Trending topics today