Geekzone: technology news, blogs, forums


freitasm
#312493 22-Apr-2024 09:32

Fritz!Box routers create a sub-domain on fritz.box to make browsing local devices in your network easier.

Assume your NAS hostname is "nas". An address is added from the DHCP requests so your NAS can be accessible by using a domain name such as nas.fritz.box instead of an IP address.

This is a feature of the Fritz!Box DNS server. This server will always return a private IP address.

The .box TLD is now available and someone registered fritz.box.

While this will not impact people using the default Fritz!Box DNS, it will be resolved if they use an external DNS such as 1.1.1.1, 8.8.8.8, AdGuard or even one run inside their network, like AdGuard or PiHole.

If you use an external DNS, your lookup for nas.fritz.box will return an external IP address controlled by unknown parties.

Again, this does not affect the Fritz!Box in its default configuration, only if you use a different DNS setting.

For example:

c:\> nslookup nas.fritz.box 8.8.8.8

Server:  dns.google
Address:  8.8.8.8
Name:    nas.fritz.box
Addresses:  2001:19f0:6c00:1b0e:5400:4ff:fecd:7828  45.76.93.104

I replaced my Fritz!Box a few years ago, but I have one Windows laptop that still adds ".fritz.box" to some lookups, even long after not being connected to a Fritz!Box.

If your DNS service or router allows, you should block any lookup to a domain within .fritz.box to be safe.

This is what my network returns if I try the same lookup with my custom DNS:

c:\> nslookup nas.fritz.box

Server:  UnKnown
Address:  192.168.2.1
Name:    nas.fritz.box
Addresses:  ::   0.0.0.0

More information:

https://crapts.org/2024/04/21/all-fritz-box-modems-have-been-hijacked/

https://news.ycombinator.com/item?id=40106336

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies 

 

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

 


mentalinc
#3221295 22-Apr-2024 09:50

So funny





CPU: AMD 5900x | RAM: GSKILL Trident Z Neo RGB F4-3600C16D-32GTZNC-32-GB | MB:  Asus X570-E | GFX: EVGA FTW3 Ultra RTX 3080Ti| Monitor: LG 27GL850-B 2560x1440

 

Quic: https://account.quic.nz/refer/473833 R473833EQKIBX 




freitasm
#3221296 22-Apr-2024 09:52

mentalinc:

So funny

If it weren't for the fact that I know many people use PiHole and AdGuard to protect themselves from "malware", which now may open a new can of worms.






 


reven
#3221300 22-Apr-2024 10:12

 

I believe this fixes it if using Pi-hole: under "Domains", add a regex blacklist.

nslookup returns 0.0.0.0 now for me, vs before it would return the "2001:19f0:6c00:1b0e:5400:4ff:fecd:7828 / 45.76.93.104".




mentalinc
#3221302 22-Apr-2024 10:22

^.*\.fritz\.box$





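As an added example (not code from this thread or from Pi-hole), here is the regex blacklist and the "external IP for a LAN name" check from the posts above in Python: filter_answer sinkholes names matching mentalinc's regex to 0.0.0.0 / :: the way the second nslookup shows, classify flags a fritz.box answer that carries a public address, and audit_log scans dnsmasq-style query-log lines (the log format is assumed; the sample lines are constructed) to list which clients are still looking up *.fritz.box.

```python
import ipaddress
import re

# Regex blacklist entry from the thread (Pi-hole: Domains > regex blacklist).
FRITZ_BOX_RE = re.compile(r"^.*\.fritz\.box$", re.IGNORECASE)
# What a sinkholing resolver hands back for a blocked name (second nslookup above).
SINKHOLE = {"A": "0.0.0.0", "AAAA": "::"}
# Assumed dnsmasq/Pi-hole log line shapes; the sample lines below are constructed.
QUERY_RE = re.compile(r"query\[(A|AAAA)\] (\S+) from (\S+)")
REPLY_RE = re.compile(r"reply (\S+) is ([0-9a-f.:]+)$", re.IGNORECASE)


def is_local_answer(addr: str) -> bool:
    """True for anything a LAN resolver may legitimately return for a local host."""
    ip = ipaddress.ip_address(addr)
    return ip.is_private or ip.is_link_local or ip.is_loopback or ip.is_unspecified


def filter_answer(qname: str, qtype: str, upstream: list[str]) -> list[str]:
    """Resolver side: sinkhole names matching the blacklist, pass everything else."""
    if FRITZ_BOX_RE.match(qname.rstrip(".")):
        return [SINKHOLE[qtype]]
    return upstream


def classify(qname: str, answers: list[str]) -> str:
    """Audit side: 'leak' if a fritz.box name resolved to a public address,
    'local' if every address is private/unspecified, 'other' for unrelated names."""
    name = qname.rstrip(".").lower()
    if name != "fritz.box" and not name.endswith(".fritz.box"):
        return "other"
    return "local" if all(is_local_answer(a) for a in answers) else "leak"


def audit_log(lines):
    """Return (clients still querying *.fritz.box, names that leaked to public IPs)."""
    clients, leaks = set(), set()
    for line in lines:
        if m := QUERY_RE.search(line):
            if FRITZ_BOX_RE.match(m.group(2)):
                clients.add(m.group(3))
        elif (m := REPLY_RE.search(line)) and classify(m.group(1), [m.group(2)]) == "leak":
            leaks.add(m.group(1))
    return clients, leaks


SAMPLE_LOG = [  # constructed lines, not from any real log
    "Apr 22 09:32:01 dnsmasq[512]: query[A] nas.fritz.box from 192.168.2.50",
    "Apr 22 09:32:01 dnsmasq[512]: reply nas.fritz.box is 45.76.93.104",
    "Apr 22 09:32:02 dnsmasq[512]: query[AAAA] printer.fritz.box from 192.168.2.77",
    "Apr 22 09:32:02 dnsmasq[512]: reply printer.fritz.box is ::",
    "Apr 22 09:32:03 dnsmasq[512]: query[A] geekzone.co.nz from 192.168.2.50",
]
```

Running audit_log over your own resolver's query log shows which devices still carry the stale ".fritz.box" search suffix, which is the symptom the thread describes for the Windows laptop and the NAS.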


freitasm
#3221303 22-Apr-2024 10:25

Even my NAS is doing these lookups - and it's not a Windows box. I haven't had a Fritz!box in my network for 12 months now.

 






 


mentalinc
#3221322 22-Apr-2024 11:17

Very weird to still have it resolving after 12 months.

Do you have any domain controllers? Maybe flush DNS on those and reboot both?





freitasm
#3221323 22-Apr-2024 11:22

mentalinc:

Very weird to still have it resolving after 12 months.

Do you have any domain controllers? Maybe flush DNS on those and reboot both?

No domain controllers. I did scan the Windows registry for "Fritz.box" and found an entry under Computer\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\Intranet\fritz.box and have now removed it.

I am not sure where to look in the Synology DSM though.






 


Tinkerisk
#3221543 22-Apr-2024 18:11

Just as a side note:

Using the pseudo TLD .local for the internal network is not a good idea either, as it is used by mDNS, for example. 😉





     

  • Qui nihil scit, omnia credere debet. - He who knows nothing must believe everything.
  • Firewalls do NOT stop dragons!
  • I avoid Big Tech, they try hard to dictate technology and culture across borders.
  • In effect we have everything to hide from someone, and no idea who someone is.

Tinkerisk
#3221550 22-Apr-2024 18:32

freitasm:

I am not sure where to look in the Synology DSM though.

Could it be remnants of a DDNS configuration that you had configured at some point with the FB and on the Synology?





     


timmmay
#3221551 22-Apr-2024 18:34

Tinkerisk:

Just as a side note:

Using the pseudo TLD .local for the internal network is not a good idea either, as it is used by mDNS, for example. 😉

Could you please explain this.

Tinkerisk
#3221552 22-Apr-2024 18:44

timmmay:
Tinkerisk:

Just as a side note:

Using the pseudo TLD .local for the internal network is not a good idea either, as it is used by mDNS, for example. 😉

Could you please explain this.

Well, the .local domain is a so-called pseudo top-level domain. It means that it is not an official top-level domain that is usable (routable) on the Internet, but this domain has a semi-official status as it is used in some applications. In the case of .local, it is used by the Multicast Domain Name Service (mDNS, aka Bonjour). Hosts that implement this service use .local as a domain name and have their own way of resolving names.

Normally this would not be a problem; however, if you also implement DNS on your network with .local as a TLD, this causes serious name resolution issues. I have had "experience" of this happening on Linux, Android and OS X systems. Usually in these types of networks you find that DNS name resolution doesn't work at all or only works part of the time.

You end up switching to fixed IP addresses because you can't know if a name can be resolved or not (which defeats the whole purpose of having a DNS server in the first place).

Hence I suggest using .lan for example instead.





     

richms
#3221562 22-Apr-2024 19:35

timmmay:
Tinkerisk:

Just as a side note:

Using the pseudo TLD .local for the internal network is not a good idea either, as it is used by mDNS, for example. 😉

Could you please explain this.

Before mDNS it was quite common to use .local for domains that you had in-house and didn't want to pay for a domain for; .internal and .lan were others that were often used for it.

Then mDNS came along and any device would be able to advertise those, and if you had installed Apple's malware of iTunes on a computer, it would then go to the device that advertised its presence with multicast rather than consult the real internal DNS server for it.





Richard rich.ms

Tinkerisk
#3221610 22-Apr-2024 19:52

richms:

Then mDNS came along and any device would be able to advertise those, and if you had installed Apple's malware of iTunes on a computer, it would then go to the device that advertised its presence with multicast rather than consult the real internal DNS server for it.

Sorry, but Bonjour relies on the standards mDNS (RFC 6762), DNS-SD (RFC 3927) and IPv4LL (RFC 6763). This time Apple had only reacted to the cries of users about cumbersome printer configurations in the user forum after cancelling AppleTalk, and developed Rendezvous -> Bonjour -> Zeroconf (open source). Windows now also uses this.

<end of OT>





     


jnimmo
#3221675 23-Apr-2024 08:36

Ran into this one too!

Looks like .internal might be a future-proof way to go if you're considering changing it:

https://www.theregister.com/2024/01/29/icann_internal_tld/

 

 


timmmay
#3221687 23-Apr-2024 09:12

RFC9375 says to use home.arpa. I switched to that when I moved pihole to docker.

