This is annoying behavior, because unless you are doing something weird
with actually signing DNS or TCP DNS, the router can just inject a fake
response for their one DNS name they need into any UDP DNS stream with a
tiny bit of inspection.  Hijacking all of DNS is the DUMB way to do it.

And either way you go, it should be configuration flaggable on/off.


On Wed, Nov 4, 2020 at 11:34 AM Tony Wicks <t...@wicks.co.nz> wrote:

> I had a similar discussion with another vendor recently while testing
> their mesh wireless systems. This vendor’s units are actually re-writing
> DHCP requests that clients make to point DNS to the primary mesh unit. This
> even happened when the mesh platform was in pure bridge mode (as opposed to
> router mode). The vendor said this was to make sure their app worked
> reliably. I’d say this sort of behaviour has quietly become common in the
> one app to rule it all world.
>
> *From:* NANOG <nanog-bounces+tony=wicks.co...@nanog.org> *On Behalf Of* Anurag Bhatia
> *Sent:* Thursday, 5 November 2020 7:03 am
> *To:* NANOG Mailing List <nanog@nanog.org>
> *Subject:* {Disarmed} Re: Asus wifi AP re-writing DNS packets
>
> Hello
>
> An update on this issue:
>
> Going through (long) Asus support channel, they first agreed that this was
> intentional to make router.asus.com work but did take my request to make
> that optional. They have issued me a test firmware which so far seems to be
> working perfectly with no-rewriting rules. Hoping that it doesn't bring any
> side effects and they eventually put it in their public release after
> testing.

-- 
-george william herbert
george.herb...@gmail.com
