That just means you're getting back a private IP response from the DNS server. If that is normal, you can disable DNS rebinding protection under System > Advanced.
" I use SARG and Squid proxy authentication with Ldap Windows 2008."
I tried to disable DNS rebinding protection under System > Advanced, when I do this I can't use domain username from Win2008 login to web browser. I already read some wiki document on pfSense web site and search over "DNS-rebind attack detected" on this forum a lot (DHCP and DNS) but it just only reference to DHCP and DNS. I could not find how to configuration internal DNS server work on pfSense with SARG and Squid proxy authentication with Ldap Windows 2008 (correctly)
I use sarg and squid proxy authentication with Ldap Windows 2008. I always have "DNS-rebind attack detected: xxxxter.dsns" problem only I put internal DNS server IP address on System > General Setup> DNS Servers, when I use domain username login on Chrome or Firefox web browser. I spend a lot of time to find out to solve this problem but never success.
For Squid authentication with LDAP Windows 2008, when I only use OpenDNS 184.108.40.206 and 220.127.116.11 at pfSense : System > General Setup > DNS Servers, and I try to login via web browser with domain username, the web browser still hang up only "loading" and take too long before the web page is coming up.
If I use this way here under I do not get any DNS-rebind attack detected.
1. Use DNS Server from ISP : 67.xx.xxx.xx and 203.xx.xxx.xx or Use DNS Server from google : 18.104.22.168 and 22.214.171.124
2. At System > General Setup > DNS Servers. I take off IP address from internal DNS Server Windows 2008 because it will cause "DNS-rebind attack detected" If I still use internal dns ip address.
So, at System > General Setup > DNS Servers, I only use DNS Server from my ISP (67.xx.xxx.xx and 203.xx.xxx.xx) or use Google DNS Server 126.96.36.199 and 188.8.131.52.
Now I can use domain users to authenticate login via web browser and I don't get any DNS-rebind attack detected anymore. Every users from the domain that I tested, it's succeses.
Thank u very much Jimp