Custom domain name setup in router for local access?

Solution 1:

Depending on the model and administration interface you may or may not be able to add/modify DNS entries. What is happening is your computer receives the router as its primary DNS server through DHCP. The router either has a DNS server on it or has a hosts file that contains that address.

At no point will you be able to access that address outside of your local network because it is not a publicly registered domain.

If you want full control of DNS on your local network, you can set up bind9 on a Raspberry Pi and configure the router to point to it.

Solution 2:

The router is intercepting and replying to the DNS requests by itself.

DNS is the system that resolves a domain name like tplinkwifi.net into an IP address like 192.168.0.1. The protocol does not have any sort of encryption or security built in - your computer sends a DNS (plain-text) query to the DNS server, receives a (plain-text) response, and trusts it.

When using DHCP, your router can assign you which DNS servers to use (a primary and a secondary one), but your computer can still override that.

In my case, my computer is connected to a TP-Link Archer C50 Router (192.168.3.253) over WiFi, getting its IP (192.168.3.200) via DHCP but with custom DNS servers set (8.8.8.8 and 8.8.4.4). The tplinkwifi.net is resolving to 192.168.3.253 (which is not a standard IP for the router to be, so the resolution is not fixed), and even if I perform a DNS query explicitly targeted at the 8.8.8.8 DNS server, I get an immediate response with the local IP:

$ dig @8.8.8.8 tplinkwifi.net

; <<>> DiG 9.10.6 <<>> @8.8.8.8 tplinkwifi.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48609
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;tplinkwifi.net.            IN  A

;; ANSWER SECTION:
tplinkwifi.net.     1   IN  A   192.168.3.253

;; Query time: 1 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Jul 07 23:59:52 -03 2021
;; MSG SIZE  rcvd: 48

So the conclusion is that the router is intercepting the DNS query for that name and responding to it by itself, impersonating 8.8.8.8. You can see the 1 msec response time (I'm on a really bad internet connection, pinging 8.8.8.8 gives 30ms at best), so it has to be the router forging the response.

You can finally check on Google Public DNS that the actual domain resolves to some other IP. To be able to visit that site, you should either connect to the Internet without going through a TP-Link router that resolves this domain, hard-code those IPs on your local hosts file, or use DNS over HTTPS (DoH) to avoid the DNS query being intercepted by the router.
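
The check described in Solution 2, as an added example that is not part of the original answers: it parses a raw DNS reply and applies the two tells used above (a private address returned in the name of a public resolver, and a reply that arrives faster than the path to that resolver allows). All function names are hypothetical, the "less than half the ping baseline" threshold is an assumption, and the sample reply is constructed from the dig output shown.

```python
import ipaddress, socket, struct, time

def build_query(name, qid=0x1234):
    """Encode a recursive A query (RD set) for `name`."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split("."))
    return struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack(">HH", 1, 1)

def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at `off`."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_a_records(msg):
    """Return [(ttl, IPv4Address)] for each A record in the answer section."""
    _, _, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # QTYPE + QCLASS
    out = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            out.append((ttl, ipaddress.IPv4Address(msg[off:off + 4])))
        off += rdlen
    return out

def interception_signs(msg, rtt_ms, baseline_ms):
    """Apply the answer's two tells to a reply that claims to come from a public resolver."""
    signs = [f"private address {ip} (ttl {ttl})" for ttl, ip in parse_a_records(msg) if ip.is_private]
    if rtt_ms < baseline_ms / 2:   # assumed threshold: half the measured ping time
        signs.append(f"reply in {rtt_ms:.0f} ms, ping baseline {baseline_ms:.0f} ms")
    return signs

def query(name, server="8.8.8.8", timeout=2.0):
    """Live check: send the query over plain UDP/53 and return (reply, rtt_ms)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        t0 = time.monotonic()
        s.sendto(build_query(name), (server, 53))
        return s.recvfrom(512)[0], (time.monotonic() - t0) * 1000

# Constructed 48-byte reply matching the dig output above (id 48609, flags qr rd ra ad).
SAMPLE = (struct.pack(">HHHHHH", 48609, 0x81A0, 1, 1, 0, 0)
          + build_query("tplinkwifi.net")[12:]
          + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 1, 4) + bytes([192, 168, 3, 253]))
```

On a live network, pass the result of `query("tplinkwifi.net")` together with a ping time measured to the same resolver into `interception_signs`; an empty list means neither tell fired.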