This is annoying behavior, because unless you are doing something weird with actually signing DNS or TCP DNS, the router can just inject a fake response for their one DNS name they need into any UDP DNS stream with a tiny bit of inspection. Hijacking all of DNS is the DUMB way to do it.
And either way you go, it should be configuration flaggable on/off.

On Wed, Nov 4, 2020 at 11:34 AM Tony Wicks <t...@wicks.co.nz> wrote:

> I had a similar discussion with another vendor recently while testing their mesh wireless systems. This vendor’s units are actually re-writing dhcp requests that clients make to point DNS to the primary mesh unit. This even happened when the mesh platform was in pure bridge mode (as opposed to router mode). The vendor said this was to make sure their app worked reliably. I’d say this sort of behaviour has quietly become common in the one app to rule it all world.
>
> From: NANOG <nanog-bounces+tony=wicks.co...@nanog.org> On Behalf Of Anurag Bhatia
> Sent: Thursday, 5 November 2020 7:03 am
> To: NANOG Mailing List <nanog@nanog.org>
> Subject: {Disarmed} Re: Asus wifi AP re-writing DNS packets
>
> Hello
>
> An update on this issue:
>
> Going through (long) Asus support channel, they first agreed that this was intentional to make router.asus.com work but did take my request to make that optional. They have issued me a test firmware which so far seems to be working perfectly with no-rewriting rules. Hoping that it doesn't bring any side effects and they eventually put it in their public release after testing.

--
-george william herbert
george.herb...@gmail.com
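George's point, that a selective rewrite of one name only has to touch UDP answers, suggests a simple check an operator can run from a LAN client against a suspect AP: resolve the same name through the same resolver over UDP and over TCP and flag any disagreement. The script below is an added example, not code from this thread or from Asus; the resolver address and the 192.168.50.1 / 203.0.113.10 answers in the sample replies are constructed, and `router.asus.com` is the name the thread discusses.

```python
import socket
import struct
def build_query(name, qid=0x1234):
    # 12-byte header (RD set, QDCOUNT=1), then QNAME labels, QTYPE=A, QCLASS=IN
    labels = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0) + labels + b"\x00\x00\x01\x00\x01"

def build_response(name, addrs, qid=0x1234):
    # constructed reply for offline testing; answer names point at the question via 0xC00C
    rrs = b"".join(b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 60, 4) + socket.inet_aton(a) for a in addrs)
    return struct.pack(">HHHHHH", qid, 0x8180, 1, len(addrs), 0, 0) + build_query(name, qid)[12:] + rrs

def skip_name(msg, off):
    while msg[off] != 0:                        # walk labels until the root label
        if msg[off] & 0xC0 == 0xC0:             # a 2-byte compression pointer ends the name
            return off + 2
        off += msg[off] + 1
    return off + 1

def parse_a_records(msg):
    # return the set of IPv4 strings in the answer section of a single-question reply
    off = skip_name(msg, 12) + 4                # past QNAME, QTYPE, QCLASS
    addrs = set()
    for _ in range(struct.unpack(">H", msg[6:8])[0]):   # ANCOUNT
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack_from(">HHIH", msg, off)
        if rtype == 1 and rdlen == 4:
            addrs.add(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    return addrs

def query(name, server, proto="udp"):
    # ask one resolver over UDP, or over TCP with the 2-byte length prefix; return the raw reply
    q = build_query(name)
    if proto == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(3)
            s.sendto(q, (server, 53))
            return s.recv(4096)
    with socket.create_connection((server, 53), timeout=3) as s, s.makefile("rb") as f:
        s.sendall(struct.pack(">H", len(q)) + q)
        return f.read(struct.unpack(">H", f.read(2))[0])

def udp_rewritten(udp_msg, tcp_msg):
    # True when the UDP answer disagrees with the TCP answer for the same name
    return parse_a_records(udp_msg) != parse_a_records(tcp_msg)

# constructed samples (not captures): UDP reply rewritten to an assumed router LAN address, TCP reply untouched
SAMPLE_UDP = build_response("router.asus.com", ["192.168.50.1"])
SAMPLE_TCP = build_response("router.asus.com", ["203.0.113.10"])
```

Against a live AP the same check is `udp_rewritten(query(n, r), query(n, r, "tcp"))` with `n` the name and `r` the resolver the DHCP lease handed out; a consistent mismatch on one name, with other names agreeing, is the signature of the selective rewrite the thread describes.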