
DNS Rebinding - Plex

I’m in the process of getting Sophos XG Home as an alternative to pfsense.

I’m 90% there, but is there a way to do DNS Rebinding, particularly for plex?

I don’t want to open ports as I accessed everything via a VPN with pfsense and it worked perfectly. Plex and Plexamp.

Yes I appreciate I had to open ports for VPN access, but that’s it.



Added TAGs
[edited by: Erick Jan at 12:48 AM (GMT -8) on 18 Nov 2024]
  • Can you give some more context on what you want to do? Because DNS rebinding is more an attack scenario to me than a feature. 

    __________________________________________________________________________________________________________________

  • Apologies, I prob described it poorly. Effectively it's off the back of this article from Plex. How to Use Secure Server Connections | Plex Support

    Within that article it describes workarounds:

    "dnsmasq
    To allow secure connections to work correctly on the local network if you are using “dnsmasq” with DNS rebinding protection enabled, you will need to add the following line to your configuration file (the “advanced settings” box in DD-WRT):

    rebind-domain-ok=/plex.direct/
    Related Page: Manpage for Dnsmasq

    pfSense DNS Resolver
    Similarly, if you are using pfSense’s internal DNS resolver service (specifically the “ISC DNS” resolver), you’ll want to adjust that configuration. In the pfSense web UI, go to Services > DNS Resolver, click Display Custom Options, and enter the following in the text box:

    server:
    private-domain: "plex.direct"
    Related Page: pfSense: DNS Rebinding Protections

    Remote Access Workaround
    In some cases, it may be possible to work around DNS rebinding protection by enabling Remote Access for your server. When enabled, this allows connections to be made via your public/WAN address. In most cases, your router will automatically keep such connections within your LAN, though this isn’t universal across all routers.

    Warning: When working around DNS rebinding protection this way, your apps and Plex Media Server will typically treat the connections as being from a “Remote” source. This can affect which streaming qualities are used, as well as trigger Remote-applicable server bandwidth and transcoding limitations."

    At present I have exposed Plex via port forwarding on the WAN interface and that works fine, but prefer not to port forward.

    I was going to have a look at WAF, but I'm not sure if that's geared for applications like Plex etc.
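
Added example (not part of the thread, the Plex article, or any resolver's own code): a small Python model of what a DNS rebinding filter does to an answer, and what a per-domain exception such as `rebind-domain-ok=/plex.direct/` or `private-domain: "plex.direct"` changes. The address ranges, function names and the sample hostname are assumptions constructed for illustration.

```python
import ipaddress

# Ranges treated as "internal" by this model (assumption: the exact
# list differs between resolvers and configurations).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
    "fc00::/7", "fe80::/10", "::1/128",
)]


def is_internal(addr):
    """True if addr falls in one of the internal ranges above."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS if net.version == ip.version)


def domain_exempt(qname, exempt_domains):
    """True if qname is an exempt domain or a subdomain of one.

    The match is on label boundaries, so an exception for
    'plex.direct' does not also cover 'evilplex.direct'.
    """
    name = qname.rstrip(".").lower()
    for domain in exempt_domains:
        domain = domain.strip(".").lower()
        if name == domain or name.endswith("." + domain):
            return True
    return False


def filter_answers(qname, addresses, exempt_domains=()):
    """Return (kept, dropped) addresses for one upstream DNS answer."""
    if domain_exempt(qname, exempt_domains):
        return list(addresses), []
    kept = [a for a in addresses if not is_internal(a)]
    dropped = [a for a in addresses if is_internal(a)]
    return kept, dropped


if __name__ == "__main__":
    # Constructed sample: a public name under plex.direct answering with a LAN IP.
    name = "192-168-1-10.0123456789abcdef.plex.direct"
    print(filter_answers(name, ["192.168.1.10"]))                   # answer dropped
    print(filter_answers(name, ["192.168.1.10"], ["plex.direct"]))  # answer kept
```

The exception is domain-wide: once `plex.direct` is exempt, every name under it may return private addresses, so it should be limited to that one domain rather than turning rebinding protection off globally.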
