{Disarmed} Re: Asus wifi AP re-writing DNS packets

Wed Nov 4 21:51:37 UTC 2020

This is annoying behavior, because unless you are doing something weird
with actually signing DNS or TCP DNS, the router can just inject a fake
response for their one DNS name they need into any UDP DNS stream with a
tiny bit of inspection.  Hijacking all of DNS is the DUMB way to do it.

And either way you go, it should be configuration flaggable on/off.

On Wed, Nov 4, 2020 at 11:34 AM Tony Wicks <tony at wicks.co.nz> wrote:

> I had a similar discussion with another vendor recently while testing
> their mesh wireless systems. This vendor’s units are actually re-writing
> dhcp requests that clients make to point DNS to the primary mesh unit. This
> even happened when the mesh platform was in pure bridge mode (as opposed to
> router mode). The vendor said this was to make sure their app worked
> reliably. I’d say this sort of behaviour has quietly become common in the
> one app to rule it all world.
>
>
>
>
>
>
>
> *From:* NANOG <nanog-bounces+tony=wicks.co.nz at nanog.org> *On Behalf Of *Anurag
> Bhatia
> *Sent:* Thursday, 5 November 2020 7:03 am
> *To:* NANOG Mailing List <nanog at nanog.org>
> *Subject:* {Disarmed} Re: Asus wifi AP re-writing DNS packets
>
>
>
> Hello
>
>
>
>
>
> An update on this issue:
>
>
>
> Going through (long) Asus support channel, they first agreed that this was
> intentional to make router.asus.com work but did take my request to make
> that optional. They have issued me a test firmware which so far seems to be
> working perfectly with no-rewriting rules. Hoping that it doesn't bring any
> side effects and they eventually put it in their public release after
> testing.
>
>
>
>
>
>
>

-- 
-george william herbert
george.herbert at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20201104/6e397060/attachment.html>