Fritz!Box security warning
freitasm

BDFL - Memuneh
78934 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

#312493 22-Apr-2024 09:32
Fritz!Box routers create a sub-domain on fritz.box to make browsing local devices in your network easier.

Assume your NAS hostname is "nas". An address is added from the DHCP requests so your NAS can be accessible by using a domain name such as nas.fritz.box instead of an IP address.

This is a feature of the Fritz!Box DNS server. This server will always return a private IP address.

The .box TLD is now available and someone registered fritz.box.

While this will not impact people using the default Fritz!Box DNS, it will be resolved if they use an external DNS such as 1.1.1.1, 8.8.8.8, AdGuard or even one run inside their network, like AdGuard or PiHole.

If you use an external DNS, your lookup for nas.fritz.box will return an external IP address controlled by unknown parties.

Again, this does not affect the Fritz!Box in its default configuration, only if you use a different DNS setting.

For example:

c:\> nslookup nas.fritz.box 8.8.8.8
Server:  dns.google
Address:  8.8.8.8
Name:    nas.fritz.box
Addresses:  2001:19f0:6c00:1b0e:5400:4ff:fecd:7828  45.76.93.104

I replaced my Fritz!Box a few years ago, but I have one Windows laptop that still adds ".fritz.box" to some lookups, even long after not being connected to a Fritz!Box.

If your DNS service or router allows, you should block any lookup to a domain within .fritz.box to be safe.

This is what my network returns if I try the same lookup with my custom DNS:

c:\> nslookup nas.fritz.box
Server:  UnKnown
Address:  192.168.2.1
Name:    nas.fritz.box
Addresses:  ::   0.0.0.0

More information:

https://crapts.org/2024/04/21/all-fritz-box-modems-have-been-hijacked/

https://news.ycombinator.com/item?id=40106336

Please support Geekzone by subscribing, or using one of our referral links: Mighty ApeSamsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup

 

My technology disclosure

mentalinc
  #3221295 22-Apr-2024 09:50
So funny




CPU: AMD 5900x | RAM: GSKILL Trident Z Neo RGB F4-3600C16D-32GTZNC-32-GB | MB:  Asus X570-E | GFX: EVGA FTW3 Ultra RTX 3080Ti| Monitor: LG 27GL850-B 2560x1440

 

Quic: https://account.quic.nz/refer/473833 R473833EQKIBX

freitasm

  #3221296 22-Apr-2024 09:52
mentalinc:

So funny

If it weren't for the fact that I know many people use PiHole and AdGuard to protect themselves from "malware", which now may open a new can of worms.


reven
  #3221300 22-Apr-2024 10:12
I believe this fixes it if using pihole: under "Domains", add a regex blacklist.

nslookup returns 0.0.0.0 now for me, vs before it would return the "2001:19f0:6c00:1b0e:5400:4ff:fecd:7828 / 45.76.93.104".



mentalinc
  #3221302 22-Apr-2024 10:22
^.*\.fritz\.box$




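As an added example (not code from the thread, from AVM or from the Pi-hole project), the following Python models the two checks the posts describe: a Pi-hole style regex block using mentalinc's regex, which turns a *.fritz.box lookup into the 0.0.0.0 / :: answers shown in the second nslookup, and a check that flags public addresses in answers for *.fritz.box names, like the ones Google DNS returned in the first nslookup. The nas.lan entry and its address are constructed for contrast.

```python
import ipaddress
import re

# Regex from mentalinc's post, as entered in the Pi-hole "Domains" regex blacklist.
# Note it needs a label before ".fritz.box": the apex name fritz.box itself is not matched.
BLOCKLIST = [re.compile(r"^.*\.fritz\.box$", re.IGNORECASE)]

# Answers quoted in the first nslookup of the original post (Google DNS, 8.8.8.8).
# nas.lan and its address are constructed for contrast.
UPSTREAM_ANSWERS = {
    "nas.fritz.box": ["2001:19f0:6c00:1b0e:5400:4ff:fecd:7828", "45.76.93.104"],
    "nas.lan": ["192.168.2.50"],
}

# What the author's custom DNS hands back for a blocked name (second nslookup).
BLOCKED_ANSWERS = ["::", "0.0.0.0"]


def is_blocked(name: str) -> bool:
    """True when the name matches any blocklist regex (Pi-hole regex semantics)."""
    return any(rx.search(name.rstrip(".")) for rx in BLOCKLIST)


def resolve(name: str, upstream=UPSTREAM_ANSWERS) -> list:
    """Filtering resolver: blocked names get 0.0.0.0 / ::, everything else goes upstream."""
    if is_blocked(name):
        return list(BLOCKED_ANSWERS)
    return list(upstream.get(name.rstrip("."), []))


def is_lan_safe(addr: str) -> bool:
    """Private (RFC 1918 / ULA), loopback or unspecified answers are fine for a LAN name."""
    ip = ipaddress.ip_address(addr)
    return ip.is_private or ip.is_loopback or ip.is_unspecified


def leaked_answers(name: str, answers) -> list:
    """Public addresses returned for a *.fritz.box name: the symptom the thread warns about."""
    if not name.lower().rstrip(".").endswith(".fritz.box"):
        return []
    return [a for a in answers if not is_lan_safe(a)]


if __name__ == "__main__":
    for qname in ("nas.fritz.box", "nas.lan"):
        print(qname, "unfiltered:", leaked_answers(qname, UPSTREAM_ANSWERS[qname]) or "ok")
        print(qname, "filtered:  ", leaked_answers(qname, resolve(qname)) or "ok")
```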

freitasm

  #3221303 22-Apr-2024 10:25
Even my NAS is doing these lookups - and it's not a Windows box. I haven't had a Fritz!box in my network for 12 months now.

 





mentalinc
  #3221322 22-Apr-2024 11:17
Very weird to still have it resolving after 12 months.

Do you have any domain controllers? Maybe flush DNS on those and reboot both?





freitasm

  #3221323 22-Apr-2024 11:22
mentalinc:

Very weird to still have it resolving after 12 months.

Do you have any domain controllers? Maybe flush DNS on those and reboot both?

No domain controllers. I did scan the Windows registry for "Fritz.box" and found an entry under Computer\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\Intranet\fritz.box and have now removed it.

I am not sure where to look in the Synology DSM though.







Tinkerisk
  #3221543 22-Apr-2024 18:11
Just as a side note:

Using the pseudo TLD .local for the internal network is not a good idea either, as it is used by mDNS, for example. 😉




- NET: FTTH, OPNsense, 10G backbone, GWN APs, ipPBX
- SRV: HA server cluster, 0.1PB storage capacity on premise
- IoT:   thread, zigbee, tasmota, BidCoS, LoRa, WX suite, IR
- 3D:    two 3D printers, 3D scanner, CNC router, laser cutter

Tinkerisk
  #3221550 22-Apr-2024 18:32
freitasm:

I am not sure where to look in the Synology DSM though.

Could it be remnants of a DDNS configuration that you had configured at some point with the FB and on the Synology?





timmmay
  #3221551 22-Apr-2024 18:34
Tinkerisk:

Just as a side note:

Using the pseudo TLD .local for the internal network is not a good idea either, as it is used by mDNS, for example. 😉

Could you please explain this.

Tinkerisk
  #3221552 22-Apr-2024 18:44
timmmay:
Tinkerisk:

Just as a side note:

Using the pseudo TLD .local for the internal network is not a good idea either, as it is used by mDNS, for example. 😉

Could you please explain this.

Well, the .local domain is a so-called pseudo top-level domain. It means that it is not an official top-level domain that is usable (routable) on the Internet, but this domain has a semi-official status as it is used in some applications. In the case of .local, it is used by the Multicast Domain Name Service (mDNS, aka Bonjour). Hosts that implement this service use .local as a domain name and have their own way of resolving names.

Normally this would not be a problem; however, if you also implement DNS on your network with .local as a TLD, this causes serious name resolution issues. I have had "experience" of this happening on Linux, Android and OS X systems. Usually in these types of networks you find that DNS name resolution doesn't work at all or only works part of the time.

You end up switching to fixed IP addresses because you can't know if a name can be resolved or not (which defeats the whole purpose of having a DNS server in the first place).

Hence I suggest using .lan for example instead.





richms
  #3221562 22-Apr-2024 19:35
timmmay:
Tinkerisk:

Just as a side note:

Using the pseudo TLD .local for the internal network is not a good idea either, as it is used by mDNS, for example. 😉

Could you please explain this.

Before mDNS it was quite common to use .local for domains that you had in-house and didn't want to pay for a domain for; .internal and .lan were others that were often used for it.

Then mDNS came along and any device would be able to advertise those, and if you had installed Apple's malware of iTunes on a computer, it would then go to the device that advertised its presence with multicast rather than consult the real internal DNS server for it.




Richard rich.ms

Tinkerisk
  #3221610 22-Apr-2024 19:52
richms:

Then mDNS came along and any device would be able to advertise those, and if you had installed Apple's malware of iTunes on a computer, it would then go to the device that advertised its presence with multicast rather than consult the real internal DNS server for it.

Sorry but Bonjour relies on standards mDNS (RFC 6762), DNS-SD (RFC 3927) and IPv4LL (RFC 6763). This time Apple had only reacted to the cries of users about cumbersome printer configurations in the user forum after cancelling AppleTalk, and developed Rendezvous -> Bonjour -> Zeroconf (open source). Windows now also uses this.

<end of OT>





jnimmo
  #3221675 23-Apr-2024 08:36
Ran into this one too!

Looks like .internal might be a future-proof way to go if you're considering changing it:

https://www.theregister.com/2024/01/29/icann_internal_tld/

 

 

timmmay
  #3221687 23-Apr-2024 09:12
RFC9375 says to use home.arpa. I switched to that when I moved pihole to docker.
