DNS Requests to baidu.com from Unleashed AP.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-21-2019 09:24 AM
I had an internet outage at my home yesterday. After taking a look at my PiHole I noticed that my Unleashed R310 had made 1200 DNS requests to that domain in the course of a few hours.
After some searching I've never seen a baidu.com DNS lookup from the AP. Is this an undocumented thing? Just want to make sure that I don't have a compromised firmware or anything.
After some searching I've never seen a baidu.com DNS lookup from the AP. Is this an undocumented thing? Just want to make sure that I don't have a compromised firmware or anything.
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-21-2019 10:41 AM
I don't think anything in our firmware has any DNS contact code. Try collecting a wired trace and see if you can determine the source MAC client.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-22-2019 09:22 AM
I stand corrected - our APs _do_ look for Internet connectivity. All APs will look to our cloud based AP Registrar (APR) to see if they belong on a Cloud controller, otherwise look locally for a nearby ZoneDirector, SmartZone or Unleashed network, and if not finding any of these and running our Solo/Standalone firmware image, they would present a Solo/Standalone WebUI.
I'm researching other Internet targets that might be used to detect Internet connectivity, ie www.microsoft.com, and captive.apple.com I've heard before.
I'm researching other Internet targets that might be used to detect Internet connectivity, ie www.microsoft.com, and captive.apple.com I've heard before.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-22-2019 08:23 AM
Patrick,
I was curious about your question yesterday so I did a little digging. This is what I found...
Our controllers will ping the following sites to ensure we have internet connectivity.
apple.com, Microsoft.com, Baidu.com and support.ruckuckuswireless.com.
We will do this every 3 seconds if we determine there is no internet service. If we do detect the internet is available we change that polling to every 60 seconds.
So it looks like the AP was doing what it was designed to do. Hopefully you can breath a little easier now.
I was curious about your question yesterday so I did a little digging. This is what I found...
Our controllers will ping the following sites to ensure we have internet connectivity.
apple.com, Microsoft.com, Baidu.com and support.ruckuckuswireless.com.
We will do this every 3 seconds if we determine there is no internet service. If we do detect the internet is available we change that polling to every 60 seconds.
So it looks like the AP was doing what it was designed to do. Hopefully you can breath a little easier now.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-22-2019 09:35 AM
Thanks Mike,
And it appears we have a FR-3731 to either configure the Internet targets, or turn off detection on Unleashed APs. Customers who open a ticket can request a link to FR-3731 to add votes.
And it appears we have a FR-3731 to either configure the Internet targets, or turn off detection on Unleashed APs. Customers who open a ticket can request a link to FR-3731 to add votes.
