Mailing List Archive

RE: {Disarmed} Re: Asus wifi AP re-writing DNS packets
I had a similar discussion with another vendor recently while testing their mesh wireless systems. This vendor’s units are actually re-writing dhcp requests that clients make to point DNS to the primary mesh unit. This even happened when the mesh platform was in pure bridge mode (as opposed to router mode). The vendor said this was to make sure their app worked reliably. I’d say this sort of behaviour has quietly become common in the one app to rule it all world.

From: NANOG <nanog-bounces+tony=wicks.co.nz@nanog.org> On Behalf Of Anurag Bhatia
Sent: Thursday, 5 November 2020 7:03 am
To: NANOG Mailing List <nanog@nanog.org>
Subject: {Disarmed} Re: Asus wifi AP re-writing DNS packets

Hello

An update on this issue:

Going through (long) Asus support channel, they first agreed that this was intentional to make router.asus.com work but did take my request to make that optional. They have issued me a test firmware which so far seems to be working perfectly with no-rewriting rules. Hoping that it doesn't bring any side effects and they eventually put it in their public release after testing.

Re: {Disarmed} Re: Asus wifi AP re-writing DNS packets
I experienced this as well dealing with some SOHO "routers" such as the
RT-AC1200. I imagine this configuration is something in common with a lot
of their offerings. The issue was resolved by making sure the primary DHCP
server and the Asus device both pointed to the same DNS server.

On Wed, Nov 4, 2020 at 2:33 PM Tony Wicks <tony@wicks.co.nz> wrote:

> I had a similar discussion with another vendor recently while testing
> their mesh wireless systems. This vendor’s units are actually re-writing
> dhcp requests that clients make to point DNS to the primary mesh unit. This
> even happened when the mesh platform was in pure bridge mode (as opposed to
> router mode). The vendor said this was to make sure their app worked
> reliably. I’d say this sort of behaviour has quietly become common in the
> one app to rule it all world.
>
> *From:* NANOG <nanog-bounces+tony=wicks.co.nz@nanog.org> *On Behalf Of* Anurag Bhatia
> *Sent:* Thursday, 5 November 2020 7:03 am
> *To:* NANOG Mailing List <nanog@nanog.org>
> *Subject:* {Disarmed} Re: Asus wifi AP re-writing DNS packets
>
> Hello
>
> An update on this issue:
>
> Going through (long) Asus support channel, they first agreed that this was
> intentional to make router.asus.com work but did take my request to make
> that optional. They have issued me a test firmware which so far seems to be
> working perfectly with no-rewriting rules. Hoping that it doesn't bring any
> side effects and they eventually put it in their public release after
> testing.

Re: {Disarmed} Re: Asus wifi AP re-writing DNS packets
This is annoying behavior, because unless you are doing something weird
with actually signing DNS or TCP DNS, the router can just inject a fake
response for their one DNS name they need into any UDP DNS stream with a
tiny bit of inspection. Hijacking all of DNS is the DUMB way to do it.

And either way you go, it should be configuration flaggable on/off.


On Wed, Nov 4, 2020 at 11:34 AM Tony Wicks <tony@wicks.co.nz> wrote:

> I had a similar discussion with another vendor recently while testing
> their mesh wireless systems. This vendor’s units are actually re-writing
> dhcp requests that clients make to point DNS to the primary mesh unit. This
> even happened when the mesh platform was in pure bridge mode (as opposed to
> router mode). The vendor said this was to make sure their app worked
> reliably. I’d say this sort of behaviour has quietly become common in the
> one app to rule it all world.
>
> *From:* NANOG <nanog-bounces+tony=wicks.co.nz@nanog.org> *On Behalf Of* Anurag Bhatia
> *Sent:* Thursday, 5 November 2020 7:03 am
> *To:* NANOG Mailing List <nanog@nanog.org>
> *Subject:* {Disarmed} Re: Asus wifi AP re-writing DNS packets
>
> Hello
>
> An update on this issue:
>
> Going through (long) Asus support channel, they first agreed that this was
> intentional to make router.asus.com work but did take my request to make
> that optional. They have issued me a test firmware which so far seems to be
> working perfectly with no-rewriting rules. Hoping that it doesn't bring any
> side effects and they eventually put it in their public release after
> testing.


--
-george william herbert
george.herbert@gmail.com
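
As an added example (not part of any message in this thread): a check for the DHCP rewriting described above, which parses a captured DHCPACK payload and flags DNS servers in option 6 that the real DHCP server was not configured to hand out. It assumes the rewrite is visible in the ACK the client receives; the packets, the addresses (documentation ranges) and the helper names `check_ack` and `build_ack` are constructed for illustration.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie after the 236-byte BOOTP header
OPT_DNS, OPT_MSG_TYPE, DHCPACK = 6, 53, 5

def parse_options(payload: bytes) -> dict:
    """Return {option code: raw value} from a DHCP payload (the UDP body)."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:      # 255 = end option
        if payload[i] == 0:                            # 0 = pad, has no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        # RFC 3396: repeated instances of an option are concatenated
        opts[code] = opts.get(code, b"") + payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def check_ack(payload: bytes, expected_dns: set):
    """Compare option 6 in a DHCPACK with the resolvers the DHCP server should hand out."""
    opts = parse_options(payload)
    if opts.get(OPT_MSG_TYPE) != bytes([DHCPACK]):
        return None                                    # only the ACK carries the final lease
    raw = opts.get(OPT_DNS, b"")
    if len(raw) % 4:
        raise ValueError("option 6 length is not a multiple of 4")
    offered = [str(ipaddress.IPv4Address(raw[j:j + 4])) for j in range(0, len(raw), 4)]
    unexpected = [ip for ip in offered if ip not in expected_dns]
    return {"offered": offered, "unexpected": unexpected, "rewritten": bool(unexpected)}

def build_ack(dns: list) -> bytes:
    """Constructed sample: a minimal DHCPACK carrying the given option 6 servers."""
    header = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234ABCD, 0, 0) + bytes(236 - 12)
    dns_raw = b"".join(ipaddress.IPv4Address(ip).packed for ip in dns)
    options = bytes([OPT_MSG_TYPE, 1, DHCPACK, OPT_DNS, len(dns_raw)]) + dns_raw + b"\xff"
    return header + MAGIC + options

if __name__ == "__main__":
    configured = {"198.51.100.53"}     # assumed: resolver set on the real DHCP server
    for label, dns in [("wired", ["198.51.100.53"]), ("via mesh AP", ["192.0.2.250"])]:
        print(label, check_ack(build_ack(dns), configured))
```

Feeding it the ACK seen on a wired port and the ACK seen by a client behind the AP, for the same DHCP server, shows whether a device in between changed the resolver.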