Router DNS causes "Connection not secure" - on all websites & devices
Nighthawk AX4: RAX40
Firmware Version V1.0.3.64_1.0.1 (latest)
All works as expected, except any DNS query that comes near the router triggers a "connection not secure". All devices, all operating systems. Doesn't matter whether I leave DNS on auto or log in to the router and manually specify a DNS server (8.8.8.8 or 1.1.1.1).
I know the router works fine because if I set the DNS on the individual device it works as expected.
From the broken certificate the browser complains about I gather this is connected to the portal (routerlogin.net), but I really don't need a router that silently injects broken certificates into traffic that isn't even portal related. It's a security risk, unwanted and, well, pretty broken.
I gather it's related to this security hole discovered a couple days back:
https://gist.github.com/nstarke/a611a19aab433555e91c656fe1f030a9
Netgear's solution (posted 3 days ago) is to add this broken certificate as force trusted in the browser (the worst possible thing you can do for compromised certificates):
...doesn't even fix the issue since not all devices can force a different DNS or side-load a certificate.
So before I send this thing back as defective - any ideas? Really thinking I made a mistake here
Re: Router DNS causes "Connection not secure" - on all websites & devices
@SomeDudeX wrote:
All works as expected, except any DNS query that comes near the router triggers a "connection not secure". All devices, all operating systems.
All browsers?
Re: Router DNS causes "Connection not secure" - on all websites & devices
The security hole - I've pointed out for years that the private key is available on any Netgear device (that's the one and only problem...) - which isn't affecting virtually anything. Still good enough to use on a private home network - certainly better than plain http. Lots of noise - they did it for commodity, to make it easy and transparent having a reasonable https connection to the router. And who says that this certificate is revoked? Leaving this alone, strongly doubt this is the issue here.
DNS queries don't trigger any connections, they just return an A record with an IPv4 address (or a list of addresses), e.g. for www.google.com. And no, this router class does not intercept any https connection, too.
Show us the URL you try to access. Check a simple dig or nslookup for the FQDN when using the router DNS res. when using the direct DNS query. Something simple like
nslookup www.google.com
Your router Internet Interface is configured to use the same DNS IP address(es) as you try internally for a direct query? Simple test:
nslookup www.google.com
nslookup
> server 8.8.8.8
> www.google.com
DNS IP and Google FQDN just used as an example.
Re: Router DNS causes "Connection not secure" - on all websites & devices
@schumaku - I appreciate the detailed response.
Yeah that's the behaviour I'm expecting/hoping for. Not at all what is happening though.
>strongly doubt this is the issue here.
Well, the one seems to be triggering the other. The router appears to be pointing all DNS requests at the router IP (with its now invalid cert). This is what DNS set to auto looks like (both on the router and on connecting devices):
PS C:\Users\AN> nslookup
Default Server: www.routerlogin.com
Address: 192.168.1.1
PS C:\Users\AN> nslookup google.com
Server: www.routerlogin.com
Address: 192.168.1.1
Name: google.com
Address: 192.168.1.1
PS C:\Users\AN> ping google.com
Pinging google.com [192.168.1.1] with 32 bytes of data
Reply from 192.168.1.1: bytes=32 time=4ms TTL=64
Reply from 192.168.1.1: bytes=32 time=2ms TTL=64
Reply from 192.168.1.1: bytes=32 time=3ms TTL=64
PS C:\Users\AN> ping community.netgear.com
Pinging community.netgear.com [192.168.1.1] with 32 bytes of data
Reply from 192.168.1.1: bytes=32 time=2ms TTL=64
Reply from 192.168.1.1: bytes=32 time=2ms TTL=64
Reply from 192.168.1.1: bytes=32 time=2ms TTL=64
Firefox - refuses cert because it's obviously not valid for google domain google cert - https://i.imgur.com/pk9wG2H.png
Chrome - google.com asking me for my (portal) login on chrome - https://i.imgur.com/xn3ZfjZ.png
(That's new behaviour - pretty sure they both refused yesterday)
@michaelkenward Yep. Everything top to bottom is affected - TV, firestick, laptops, iPhones. The only devices that are working are the ones specifically told to ignore the router for DNS.
Doesn't really matter... a different brand router is on the way already. Obvious issue of nothing works aside, it doesn't fly for my usage case (running a pihole). And this blend of compromised certs & silent redirects is making me a little wary of MITM - though it seems unlikely.
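The check schumaku suggests (compare the router's answers with a direct query) and the symptom in the pasted session (every public name resolving to 192.168.1.1) can be turned into a small detector. This is an added example, not code from the thread or from Netgear; the nslookup text, the resolver names and the 142.250.74.46 answer are constructed sample data.

```python
# Added example, not from the thread or from Netgear: parse Windows nslookup
# output like the session pasted above and flag answers that equal the resolver's
# own IP or sit in a private range, i.e. the resolver answered locally, not upstream.
import ipaddress
import re

# Constructed sample modelled on the session above; the second query is normal.
SAMPLE_NSLOOKUP = """\
Default Server:  www.routerlogin.com
Address:  192.168.1.1
Name:    google.com
Address:  192.168.1.1
Server:  dns.google
Address:  8.8.8.8
Non-authoritative answer:
Name:    google.com
Addresses:  2a00:1450:4001:81a::200e
          142.250.74.46
"""

def parse_nslookup(text):
    """Return (resolver_ip, name, [answer_ips]) per answer, in order."""
    records, server_ip, expect_server = [], None, False
    for line in map(str.strip, text.splitlines()):
        if re.match(r"(?:Default )?Server:", line):
            expect_server = True  # the next Address: line is the resolver's IP
        elif line.startswith("Name:"):
            records.append((server_ip, line.partition(":")[2].strip(), []))
        else:
            m = re.match(r"(?:Address(?:es)?:)?\s*(\S+)$", line)
            try:
                ip = str(ipaddress.ip_address(m.group(1))) if m else None
            except ValueError:
                ip = None  # "Aliases:", "Non-authoritative answer:" and the like
            if ip and expect_server:
                server_ip, expect_server = ip, False
            elif ip and records:
                records[-1][2].append(ip)
    return records

def suspicious_answers(records):
    """Return (name, ip, reason) for answers a public name should never get."""
    flags = []
    for server_ip, name, answers in records:
        for ip_text in answers:
            if ip_text == server_ip:
                flags.append((name, ip_text, "answer equals resolver address"))
            elif ipaddress.ip_address(ip_text).is_private:  # RFC 1918, loopback, link-local
                flags.append((name, ip_text, "answer in private range"))
    return flags
```

Run the same public names through the router resolver and through 8.8.8.8 as schumaku describes and feed both transcripts to `parse_nslookup`; only the router-resolved answers should show up in `suspicious_answers`.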