SomeDudeX
Jan 27, 2020 Aspirant
Router DNS causes "Connection not secure" - on all websites & devices
Nighthawk AX4: RAX40 Firmware Version V1.0.3.64_1.0.1 (latest) All works as expected, except any DNS query that comes near the router triggers a "connection not secure". All devices, all operati...
michaelkenward
Jan 28, 2020 Guru - Experienced User
SomeDudeX wrote:
All works as expected, except any DNS query that comes near the router triggers a "connection not secure". All devices, all operating systems.
All browsers?
schumaku
Jan 28, 2020 Guru - Experienced User
The security hole - I've pointed out for years that the private key is available on any Netgear device (that's the one and only problem...) - which isn't affecting virtually anything. Still good enough to use on a private home network - certainly better than plain http. Lots of noise - they did it for commodity, to make it easy and transparent having a reasonable https connection to the router. And who says that this certificate is revoked? Leaving this alone, strongly doubt this is the issue here.
DNS queries don't trigger any connections, they just return an A record with an IPv4 address (or a list of addresses), e.g. for www.google.com. And no, this router class does not intercept any https connection, too.
Show us the URL you try to access. Check a simple dig or nslookup for the FQDN when using the router DNS res. when using the direct DNS query. Something simple like
nslookup www.google.com
Your router Internet Interface is configured to use the same DNS IP address(es) as you try internally for a direct query? Simple test:
nslookup www.google.com
nslookup
> server 8.8.8.8
> www.google.com
DNS IP and Google FQDN just used as an example.
- SomeDudeX Jan 28, 2020 Aspirant
schumaku - I appreciate the detailed response.
Yeah that's the behaviour I'm expecting/hoping for. Not at all what is happening though.
>strongly doubt this is the issue here.
Well the one seems to be triggering the other. The router appears to be pointing all DNS requests at the router IP (its now invalid cert). This is what DNS to auto looks like (both on router and connecting devices):
PS C:\Users\AN> nslookup
Default Server: www.routerlogin.com
Address: 192.168.1.1

PS C:\Users\AN> nslookup google.com
Server: www.routerlogin.com
Address: 192.168.1.1

Name: google.com
Address: 192.168.1.1

PS C:\Users\AN> ping google.com
Pinging google.com [192.168.1.1] with 32 bytes of data
Reply from 192.168.1.1: bytes=32 time=4ms TTL=64
Reply from 192.168.1.1: bytes=32 time=2ms TTL=64
Reply from 192.168.1.1: bytes=32 time=3ms TTL=64

PS C:\Users\AN> ping community.netgear.com
Pinging community.netgear.com [192.168.1.1] with 32 bytes of data
Reply from 192.168.1.1: bytes=32 time=2ms TTL=64
Reply from 192.168.1.1: bytes=32 time=2ms TTL=64
Reply from 192.168.1.1: bytes=32 time=2ms TTL=64

Firefox - refuses cert because it's obviously not valid for google domain google cert - https://i.imgur.com/pk9wG2H.png
Chrome - google.com asking me for my (portal) login on chrome - https://i.imgur.com/xn3ZfjZ.png
(That's new behaviour - pretty sure they both refused yesterday)
michaelkenward Yep. Everything top to bottom is affected - TV, firestick, laptops, laptops, iphones. The only devices that are working are the ones specifically told to ignore the router for DNS.
Doesn't really matter... different brand router is on the way already. Obvious issue of nothing works aside, it doesn't fly for my usage case (running a pihole). And this blend of compromised certs & silent redirects is making me a little wary of MITM - though seems unlikely
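
The comparison schumaku suggests and the symptom in SomeDudeX's transcript, as an added example (not part of any post in this thread, and not NETGEAR code): a Python script that parses nslookup output and flags answers that are the resolver's own address or another LAN address. The function names, the address ranges checked and both sample transcripts are assumptions constructed for illustration.

```python
import ipaddress
import re

# RFC 1918, loopback and link-local ranges: a public name should not resolve here.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Matches "Address: x", "Addresses: x" and bare continuation lines with one token.
ADDR_LINE = re.compile(r"^\s*(?:Address(?:es)?:)?\s*(\S+)\s*$", re.I)

# Constructed sample, modeled on the transcript posted in the thread.
REDIRECTED = """Server:  www.routerlogin.com
Address:  192.168.1.1

Name:    google.com
Address:  192.168.1.1
"""

# Constructed sample of a normal answer (documentation-range addresses).
HEALTHY = """Server:  dns.google
Address:  8.8.8.8

Non-authoritative answer:
Name:    google.com
Addresses:  2001:db8::10
          203.0.113.10
"""

def parse_nslookup(text):
    """Return (resolver_ips, answer_ips) for the output of one lookup."""
    resolver, answers, in_answer = [], [], False
    for line in text.splitlines():
        if line.strip().lower().startswith("name:"):
            in_answer = True          # addresses after "Name:" belong to the answer
            continue
        m = ADDR_LINE.match(line)
        if not m:
            continue
        try:                          # Unix nslookup appends "#53" to the resolver
            ip = ipaddress.ip_address(m.group(1).split("#")[0])
        except ValueError:
            continue                  # a single token that is not an IP address
        (answers if in_answer else resolver).append(ip)
    return resolver, answers

def findings(name, text):
    """List the reasons the answer for a public name looks redirected."""
    resolver, answers = parse_nslookup(text)
    out = []
    for ip in answers:
        if ip in resolver:
            out.append(f"{name}: answer {ip} is the resolver's own address")
        elif any(ip in net for net in LAN_NETS):
            out.append(f"{name}: public name resolved to LAN address {ip}")
    return out

if __name__ == "__main__":
    for label, sample in (("redirected", REDIRECTED), ("healthy", HEALTHY)):
        print(label, findings("google.com", sample) or "no findings")
```

Run it once on output captured through the router's DNS and once on output from a direct query to the upstream resolver; findings in the first but not the second place the redirect at the router.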