Asus wifi AP re-writing DNS packets

Anurag Bhatia me at anuragbhatia.com
Wed Oct 28 20:40:25 UTC 2020


I tried deleting the rule and it drops the traffic completely. So DNS
resolution stops working and I am unsure why. It's not like a default drop or
anything. I can edit the rule, and whatever active port 53 related rule is
there works. But I want the case of no such rule at all. :-)


I set up Pi-hole on an Intel NUC a little while ago, and all Pi-hole gets is
100% of wifi client traffic behind the Asus wifi management IP. :-\


Plus, no matter what DNS I put, queries go via whatever the router gave up
when the Asus booted up.


Here's how creepy it gets:

On the Raspberry Pi (which is not behind the Asus AP but on a different switch):

anurag@raspberrypi:~ $ dig whoami.akamai.com @1.1.1.1 a +short
whoami.akamai.net.
162.158.226.218
anurag@raspberrypi:~ $ dig whoami.akamai.com @8.8.8.8 a +short
whoami.akamai.net.
172.253.244.3
anurag@raspberrypi:~ $ dig whoami.akamai.com @9.9.9.9 a +short
whoami.akamai.net.
103.224.242.10
anurag@raspberrypi:~ $

All normal and good.



Now, from the device (which is behind Asus AP):

~> dig whoami.akamai.net @1.1.1.1 a +short
172.217.34.65

~> dig whoami.akamai.net @8.8.8.8 a +short
172.217.34.65

~> dig whoami.akamai.net @9.9.9.9 a +short
172.217.34.65

~> dig whoami.akamai.net @1.2.3.4 a +short
172.217.34.65

~> dig whoami.akamai.net @5.6.7.8 a +short
172.217.34.65


Essentially the Asus picked 8.8.8.8 because I put that in during the test and
rebooted the AP. I will stick with 8.8.8.8 until the DHCP lease expires and the
new server is provided.


On Thu, Oct 29, 2020 at 2:01 AM Neil Hanlon <neil at shrug.pw> wrote:

> And if so, can you set up your own service to remove their iptables rule
> after it's been added, or otherwise counteract it?
>
> At least temporarily, anyways.
>
> -Neil
>
> On Wed, Oct 28, 2020 at 4:26 PM Ryan Hamel <ryan at rkhtech.org> wrote:
>
>> I'm curious to know why they would add such a thing, and how you got the
>> iptables rules from the device. Do these Asus routers provide SSH directly
>> into the shell?
>>
>> Ryan
>> On Oct 28 2020, at 11:33 am, Anurag Bhatia <me at anuragbhatia.com> wrote:
>>
>> Hello,
>>
>> Wondering anyone from Asus here or anyone who could connect me to the
>> developers there?
>>
>> I am using an Asus RT-AC58U in Access Point (AP) mode and expect it to simply
>> bridge wired with wireless, but it seems like it's re-writing the source as
>> well as the destination of DNS packets.
>>
>>
>>    1. For DNS port 53 traffic going out, the source is re-written with the
>>    management IP of the AP on the LAN. So virtually all DNS traffic hits the
>>    router from the (management) IP of the Asus AP instead of the real clients.
>>
>>    2. If I define DNS as x.x.x.x on DHCP, the Asus AP picks that up and
>>    re-writes the destination to x.x.x.x, and hence even if any client uses
>>    y.y.y.y, the packets are simply re-written.
>>
>>
>> I see the rule in iptables on the Asus AP. All these issues give the idea that
>> someone created AP mode (besides regular routing mode) and missed disabling
>> the DNS-related NATing features in AP mode. So far my discussions with their
>> support have been going quite slowly, and I would greatly appreciate it if
>> someone could connect me to the right folks there so they can release a
>> firmware fix for it.
>>
>>
>>
>> Thanks.
>>
>> --
>> Anurag Bhatia
>> anuragbhatia.com
>>
>>

-- 
Anurag Bhatia
anuragbhatia.com
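The decisive check in the thread is the query to a resolver that cannot exist: if "dig @1.2.3.4" comes back with an answer, something on the path is DNAT-ing port 53. The script below automates that probe. It is an added example, not code from the thread or from Asus firmware: it hand-builds a DNS A query for whoami.akamai.net (the name used above; Akamai answers it with the address of the resolver that reached them, so different resolvers should yield different answers), sends it to 1.1.1.1, 8.8.8.8 and 9.9.9.9 plus two addresses that never run a resolver, and reports a verdict. The bogus addresses 192.0.2.1 and 198.51.100.1 (RFC 5737 documentation ranges) are an assumption chosen in place of the 1.2.3.4 / 5.6.7.8 used in the thread, and the 2-second timeout is likewise a chosen value; the constructed_response() helper fabricates a reply for offline testing and is not captured traffic.

```python
"""Probe for on-path DNS rewriting, the behaviour reported in this thread.

Added example, not code from the thread or from Asus firmware. It builds a
DNS A query for whoami.akamai.net by hand, sends it to real resolvers and to
addresses that cannot be running a resolver (RFC 5737 TEST-NET ranges, an
assumption in place of the 1.2.3.4 / 5.6.7.8 used in the thread), and
compares the answers. Any answer from a bogus resolver means something on
the path is DNAT-ing port 53; identical answers from every real resolver is
the weaker signal.
"""
import random
import socket
import struct

QNAME = "whoami.akamai.net"      # answer reflects the resolver that asked Akamai
REAL_RESOLVERS = ["1.1.1.1", "8.8.8.8", "9.9.9.9"]
BOGUS_RESOLVERS = ["192.0.2.1", "198.51.100.1"]   # RFC 5737; assumed never to answer


def build_query(name, txid=None):
    """Return (wire-format A/IN query with RD set, transaction id)."""
    if txid is None:
        txid = random.randrange(0, 0x10000)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # flags: RD=1
    qname = b"".join(bytes([len(lbl)]) + lbl.encode("ascii")
                     for lbl in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1), txid


def _skip_name(data, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = data[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:        # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + length


def parse_a_records(data, expect_txid=None):
    """Return the IPv4 addresses in the answer section of a DNS response."""
    try:
        txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
        if expect_txid is not None and txid != expect_txid:
            raise ValueError("transaction id mismatch")
        if not flags & 0x8000:
            raise ValueError("QR bit clear: not a response")
        off = 12
        for _ in range(qd):              # skip the echoed question(s)
            off = _skip_name(data, off) + 4
        addrs = []
        for _ in range(an):
            off = _skip_name(data, off)
            rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
            off += 10
            if rtype == 1 and rclass == 1 and rdlen == 4:
                addrs.append(socket.inet_ntoa(data[off:off + 4]))
            off += rdlen
        return addrs
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated or malformed DNS message") from exc


def probe(resolver, name=QNAME, timeout=2.0):
    """Send one query to resolver:53; return answers, or None if nothing came back."""
    query, txid = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (resolver, 53))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return None
    return parse_a_records(data, txid)


def classify(results, bogus=BOGUS_RESOLVERS):
    """results maps resolver -> list of answers (or None). Return a verdict."""
    answered = [r for r in bogus if results.get(r)]
    if answered:
        return "REWRITTEN: answers came back from non-resolver(s) " + ", ".join(answered)
    real = [tuple(sorted(a)) for r, a in results.items() if r not in bogus and a]
    if len(real) >= 2 and len(set(real)) == 1:
        return "SUSPICIOUS: every resolver returned the same whoami answer"
    return "OK: answers differ per resolver and bogus resolvers stay silent"


def constructed_response(txid, addr="172.217.34.65"):
    """Constructed sample reply (not captured traffic) for offline testing:
    one question, one A record whose owner name is a pointer to offset 12."""
    question = build_query(QNAME, txid)[0][12:]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR=1, RD=1, RA=1
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(addr)
    return header + question + answer


if __name__ == "__main__":
    results = {}
    for r in REAL_RESOLVERS + BOGUS_RESOLVERS:
        try:
            results[r] = probe(r)
        except (OSError, ValueError) as exc:
            results[r] = None
            print(f"{r}: error: {exc}")
        print(f"{r}: {results[r]}")
    print(classify(results))
```

Run it from a client behind the AP and again from a host on the other side of the switch; the second run should show three different whoami answers and silence from the bogus resolvers, while the first, if the rewrite is in place, answers from every address with the same IP. Matching the transaction id on the reply is deliberate: a middlebox that forges replies rather than forwarding the query would still have to echo it, so a mismatch is itself worth reporting.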