So (infrequently), I have a client behind a PFSENSE (Netgate SG4060) that has a strange occurrence.
I have a split brain DNS so that my public FQDN records are replicated internally for accessing resources using local IPs instead of the public IPs. One of them is PBX.FQDN.COM. This record points to our phone system. When on the public internet, DNS resolution returns the public IP. When a device is on the private LAN, it returns the private IP.
Occasionally, when accessing the web browser of our PBX, a client may (infrequently) get a message from the PFSENSE about how this is a potential DNS rebinding attack. By infrequent, I mean maybe one or two times a month.
It happened again today. A client has a DNS server that is NOT the PFSENSE but a local W2016 DC with DNS service. The client is set to query the internal DC for PBX.FQDN.COM. The...