Toby DiPasquale on 3 Sep 2006 20:52:21 -0000



Re: [PLUG] linksys router mucks with dns


On Sun, Sep 03, 2006 at 04:24:07PM -0400, Jeff Abrahamson wrote:
> The odd thing is that, now that the router is set up, my regular
> machine resolves routerlogin.net and www.routerlogin.net to the
> router.  But how can that be?  The router isn't my dns server.
> 
> I'm curious, first, how the router is likely intercepting such
> queries, and, second, how to decide whether I can trust my router on
> other matters if it is willing to do such things as this.  (The second
> is probably unanswerable by mortals, but seems worth asking.)

If it's a WRT54G* model, you can easily hack the firmware and remove this
"feature", if you so choose. And it would even have more real features you
might want (e.g. ssh into the router itself, real tc control, etc).

> I am on 192.168.0.7, where I designate myself as DNS:
> 
>     jeff@astra:~ $ cat /etc/resolv.conf
>     search purple.com
>     nameserver 192.168.0.7
>     jeff@astra:~ $
> 
> Querying DNS about routerlogin.net goes to root servers and comes back
> immediately with a private address!  (This is not what happens on a
> network without this router.)  So the router is not network neutral.
> This feels like a small bit of insidious evil on the part of linksys,
> since they don't document exactly when they plan not to pass my bits
> as I expect.  Am I being unreasonable?

Slightly, although I'd feel the same way. To me, it's not about what
they've done, but what they would do in the future. They are already
hijacking a competitor's site to get that done in the first place (read
on).

core:~> whois routerlogin.net
[...]
Registrant:
   Netgear, Inc.
   4500 Great America Parkway
   Santa Clara, California 95054
   United States

   Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
   Domain Name: ROUTERLOGIN.NET
      Created on: 22-Jan-04
      Expires on: 22-Jan-14
      Last Updated on: 18-Jun-04

   Administrative Contact:
      Sallette, Al  al.sallette@netgear.com
      Netgear, Inc.
      4500 Great America Parkway
      Santa Clara, California 95054
      United States
      (408) 907-8000      Fax --

   Technical Contact:
      Sallette, Al  al.sallette@netgear.com
      Netgear, Inc.
      4500 Great America Parkway
      Santa Clara, California 95054
      United States
      (408) 907-8000      Fax --

   Domain servers in listed order:
      PARK17.SECURESERVER.NET
      PARK18.SECURESERVER.NET

core:~>

Netgear pays the bills and Linksys gets a free ride ;-)

Presumably, this domain was registered with this purpose in mind. When not
behind a router of this nature, the domain redirects to www.netgear.com.

core:~> dig routerlogin.net

; <<>> DiG 9.2.2 <<>> routerlogin.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57256
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;routerlogin.net.               IN      A

;; ANSWER SECTION:
routerlogin.net.        3600    IN      A       64.202.189.170

;; Query time: 77 msec
;; SERVER: 68.87.64.146#53(68.87.64.146)
;; WHEN: Sun Sep  3 16:44:53 2006
;; MSG SIZE  rcvd: 49

core:~>

-- 
Toby DiPasquale
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
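
As an added example (not part of the original message), here is a small Python check for the behaviour discussed in this thread: a public name answering with a private address. The first sample is the answer section from the dig output in the message; the second is constructed, with 192.168.0.1 and a TTL of 0 as assumed values, and the function names and the local-suffix allowlist are hypothetical.

```python
import ipaddress
import re

# ANSWER SECTION as seen off the router's network (from the dig output in the message).
DIG_CLEAN = """\
;; QUESTION SECTION:
;routerlogin.net.               IN      A

;; ANSWER SECTION:
routerlogin.net.        3600    IN      A       64.202.189.170

;; Query time: 77 msec
"""

# Constructed sample: the same query behind the router. 192.168.0.1 and the
# TTL of 0 are assumed values; the message only says "a private address".
DIG_BEHIND_ROUTER = DIG_CLEAN.replace("3600", "0").replace("64.202.189.170", "192.168.0.1")

A_RECORD = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+A\s+(\S+)$")

def parse_a_records(dig_text):
    """Return [(name, ttl, ip)] for A records in dig's ANSWER SECTION."""
    records, in_answer = [], False
    for line in (raw.strip() for raw in dig_text.splitlines()):
        if line.startswith(";; ANSWER SECTION"):
            in_answer = True
        elif in_answer and (not line or line.startswith(";")):
            in_answer = False  # blank line or next section header ends the answers
        elif in_answer:
            m = A_RECORD.match(line)
            if m:
                name = m.group(1).rstrip(".").lower()
                records.append((name, int(m.group(2)), ipaddress.ip_address(m.group(3))))
    return records

def suspicious_answers(dig_text, local_suffixes=("lan", "local", "home.arpa")):
    """Flag names outside the (assumed) local suffixes that resolve to non-public addresses."""
    flagged = []
    for name, _ttl, ip in parse_a_records(dig_text):
        is_local = any(name == s or name.endswith("." + s) for s in local_suffixes)
        if not is_local and not ip.is_global:
            flagged.append((name, str(ip)))
    return flagged

if __name__ == "__main__":
    for label, text in (("clean", DIG_CLEAN), ("behind router", DIG_BEHIND_ROUTER)):
        print(label, suspicious_answers(text))
```

Run against saved dig output from two vantage points, a name that is flagged on one network and clean on another points at something on the path rewriting the answer.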