[nznog] Re: Skinny Modems and RFC1918 DNS

Thank you to Scott (and others who replied offlist). This problem is occuring with people running VPNs on work laptops at home. I am wondering if perhaps the immediate cause of the problem for us is we are not correctly pushing out DNS settings so the local one is being used. On Mon, 16 Jan 2023, Scott Howard wrote:

The term you're looking for to plug into Google is "DNS rebind protection", and it's common across a lot of consumer routers. This thread is a few years old, but seems to imply it can't be disabled on these modems.  https://www.geekzone.co.nz/forums.asp?forumid=39&topicid=265543

  Scott

On Mon, Jan 16, 2023 at 2:44 PM Simon Lyall wrote:

We are getting reports from a couple of people that some Skinny Modems are getting confused with some DNS records. It appears that if the IP returned from the lookup is a RFC 1918 one they won't return the result to the client.

One modem in question has:

Skinny Smart Modem VRV9517UWAC34-A-SP

on it and I think VRV9517 is the model name.

This appears to be a fairly recent problem, showing up since people came back from break. Not ruling out some other cause but direct testing of queries is doing the above. Possibly a recent software upgrade or "security" setting.

Direct queries against the DNS servers themselves seem okay, it only breaks when you use the modem as the DNS server.

Not confirmed for all of RFC1918 space, but definitly 192.168.1.x

Anyone seen similar or know of a fix? (for now we are getting people to use 1.1.1.1 or similar for DNS).

-- Simon Lyall  |  Very Busy  |  Web: http://www.simonlyall.com/ "To stay awake all night adds a day to your life" - Stilgar

_______________________________________________ NZNOG mailing list -- nznog(a)list.waikato.ac.nz To unsubscribe send an email to nznog-leave(a)list.waikato.ac.nz

-- Simon Lyall | Very Busy | Web: http://www.simonlyall.com/ "To stay awake all night adds a day to your life" - Stilgar