Netgate Discussion Forum

    Android client | Appending local domain to DNS Queries

      posix

      Hello,
      I recently purchased an android device which provides a digital calendar and clock.

      After successfully connecting to WiFi I noticed the device would not update its location nor connect to any external services. I kept getting an error that it was unable to connect to the manufacturer's server.

      I performed a wireshark packet capture and I noticed the following:

      Screenshot 2022-11-28 at 2.53.13 PM.png

      It's performing DNS lookups with the local domain attached to the end. I use the local domain for remote administration of my pfSense/SSL etc.

      nslookup on pfsense:
      /root: nslookup googleapis.com
      Server: 127.0.0.1
      Address: 127.0.0.1#53

      Non-authoritative answer:
      Name: googleapis.com
      Address: 142.251.33.4
      Name: googleapis.com
      Address: 2607:f8b0:4023:1006::93
      Name: googleapis.com
      Address: 2607:f8b0:4023:1006::63
      Name: googleapis.com
      Address: 2607:f8b0:4023:1006::68
      Name: googleapis.com
      Address: 2607:f8b0:4023:1006::69

      From local laptop:
      nslookup googleapis.com
      Server: 192.168.53.11
      Address: 192.168.53.11#53

      Non-authoritative answer:
      Name: googleapis.com
      Address: 172.217.2.196

      I am running

      22.05-RELEASE (amd64)
      FreeBSD 12.3-STABLE

      Name Version
      acme 0.7.3
      Avahi 2.2_1
      Cron 0.3.8_1
      darkstat 3.1.3_5
      haproxy-devel 0.62_10
      openvpn-client-export 1.6_8
      pfBlockerNG-devel 3.1.0_7
      snort 4.1.6
      Status_Traffic_Totals 2.3.2_2

      No other clients are experiencing this issue.

      The digital calendar/clock is running Android 6.0.1 with Kernel 3.10.65.

      I can access some of the settings but I cannot for example assign a static IP or modify any of the other network settings.

        johnpoz LAYER 8 Global Moderator @posix

        @posix Pretty much any OS does this; this is suffix search. The reason you cannot get there is that there is no answer.

        Look at your sniff: where is the answer to your queries? 192.168.30.1 is sending back a reject, that ICMP port unreachable.

        Example: here is my Windows machine. See, it asks for www.googleapis.com with .local.lan added at first, because this is my local search domain.

        $ nslookup
        Default Server:  pi.hole
        Address:  192.168.3.10
        
        > set debug
        > www.googleapis.com
        Server:  pi.hole
        Address:  192.168.3.10
        
        ------------
        Got answer:
            HEADER:
                opcode = QUERY, id = 2, rcode = NXDOMAIN
                header flags:  response, auth. answer, want recursion, recursion avail.
                questions = 1,  answers = 0,  authority records = 0,  additional = 0
        
            QUESTIONS:
                www.googleapis.com.local.lan, type = A, class = IN
        
        ------------
        ------------
        Got answer:
            HEADER:
                opcode = QUERY, id = 3, rcode = NXDOMAIN
                header flags:  response, auth. answer, want recursion, recursion avail.
                questions = 1,  answers = 0,  authority records = 0,  additional = 0
        
            QUESTIONS:
                www.googleapis.com.local.lan, type = AAAA, class = IN
        
        ------------
        ------------
        Got answer:
            HEADER:
                opcode = QUERY, id = 4, rcode = NOERROR
                header flags:  response, want recursion, recursion avail.
                questions = 1,  answers = 16,  authority records = 0,  additional = 0
        
            QUESTIONS:
                www.googleapis.com, type = A, class = IN
            ANSWERS:
            ->  www.googleapis.com
                internet address = 172.217.4.202
                ttl = 3026 (50 mins 26 secs)
            ->  www.googleapis.com
                internet address = 142.250.191.106
                ttl = 3026 (50 mins 26 secs)
            ->  www.googleapis.com
                internet address = 142.250.191.138
                ttl = 3026 (50 mins 26 secs)
            ->  www.googleapis.com
                internet address = 142.250.191.170
                ttl = 3026 (50 mins 26 secs)
            ->  www.googleapis.com
                internet address = 142.250.191.202
                ttl = 3026 (50 mins 26 secs)
            ->  www.googleapis.com
                internet address = 142.250.191.234
                ttl = 3026 (50 mins 26 secs)
            ->  www.googleapis.com
                internet address = 142.250.190.10
                ttl = 3026 (50 mins 26 secs)
            ->  www.googleapis.com
                internet address = 142.250.190.42
                ttl = 3026 (50 mins 26 secs)
            ->  www.googleapis.com
                internet address = 142.250.190.74
                ttl = 3026 (50 mins 26 secs)
            ->  www.googleapis.com
                internet address = 142.250.190.106
                ttl = 3026 (50 mins 26 secs)
            ->  www.googleapis.com
                internet address = 142.250.190.138
                ttl = 3026 (50 mins 26 secs)
            ->  www.googleapis.com
                internet address = 142.251.32.10
                ttl = 3026 (50 mins 26 secs)
            ->  www.googleapis.com
                internet address = 172.217.0.170
                ttl = 3026 (50 mins 26 secs)
            ->  www.googleapis.com
                internet address = 172.217.1.106
                ttl = 3026 (50 mins 26 secs)
            ->  www.googleapis.com
                internet address = 172.217.4.42
                ttl = 3026 (50 mins 26 secs)
            ->  www.googleapis.com
                internet address = 172.217.4.74
                ttl = 3026 (50 mins 26 secs)
        
        ------------
        Non-authoritative answer:
        ------------
        Got answer:
            HEADER:
                opcode = QUERY, id = 5, rcode = NOERROR
                header flags:  response, want recursion, recursion avail.
                questions = 1,  answers = 4,  authority records = 0,  additional = 0
        
            QUESTIONS:
                www.googleapis.com, type = AAAA, class = IN
            ANSWERS:
            ->  www.googleapis.com
                AAAA IPv6 address = 2607:f8b0:4009:804::200a
                ttl = 30 (30 secs)
            ->  www.googleapis.com
                AAAA IPv6 address = 2607:f8b0:4009:803::200a
                ttl = 30 (30 secs)
            ->  www.googleapis.com
                AAAA IPv6 address = 2607:f8b0:4009:801::200a
                ttl = 30 (30 secs)
            ->  www.googleapis.com
                AAAA IPv6 address = 2607:f8b0:4009:802::200a
                ttl = 30 (30 secs)
        
        ------------
        Name:    www.googleapis.com
        Addresses:  2607:f8b0:4009:804::200a
                  2607:f8b0:4009:803::200a
                  2607:f8b0:4009:801::200a
                  2607:f8b0:4009:802::200a
                  172.217.4.202
                  142.250.191.106
                  142.250.191.138
                  142.250.191.170
                  142.250.191.202
                  142.250.191.234
                  142.250.190.10
                  142.250.190.42
                  142.250.190.74
                  142.250.190.106
                  142.250.190.138
                  142.251.32.10
                  172.217.0.170
                  172.217.1.106
                  172.217.4.42
                  172.217.4.74
        
        >
        

        ipconfig /all - notice the DNS suffix search list

        $ ipconfig /all
        
        Windows IP Configuration
        
           Host Name . . . . . . . . . . . . : i9-win
           Primary Dns Suffix  . . . . . . . : local.lan
           Node Type . . . . . . . . . . . . : Broadcast
           IP Routing Enabled. . . . . . . . : No
           WINS Proxy Enabled. . . . . . . . : No
           DNS Suffix Search List. . . . . . : local.lan
        
        Ethernet adapter Local:
        
           Connection-specific DNS Suffix  . : local.lan
           Description . . . . . . . . . . . : Killer E2600 Gigabit Ethernet Controller
           Physical Address. . . . . . . . . : B0-4F-13-0B-FD-16
           DHCP Enabled. . . . . . . . . . . : Yes
           Autoconfiguration Enabled . . . . : Yes
           IPv4 Address. . . . . . . . . . . : 192.168.9.100(Preferred)
           Subnet Mask . . . . . . . . . . . : 255.255.255.0
           Lease Obtained. . . . . . . . . . : Sunday, November 20, 2022 4:41:11 AM
           Lease Expires . . . . . . . . . . : Friday, December 2, 2022 4:41:05 AM
           Default Gateway . . . . . . . . . : 192.168.9.253
           DHCP Server . . . . . . . . . . . : 192.168.9.253
           DNS Servers . . . . . . . . . . . : 192.168.3.10
           NetBIOS over Tcpip. . . . . . . . : Enabled
        
        

        Your problem is not that - your problem is you're blocking DNS queries.

        Your laptop is asking a different IP

        Server: 192.168.53.11
        Address: 192.168.53.11#53

        Your sniff is asking 192.168.30.1, and he responds with "sorry buddy, you're not getting there". What rules do you have on this 30.1 interface in pfsense?

        edit:
        See, I created a reject rule for 8.8.8.8 on my LAN, then dig a DNS query, and pfsense sends back a "hey, you're not getting there" ICMP response.

        $ dig @8.8.8.8 www.google.com
        
        ; <<>> DiG 9.16.34 <<>> @8.8.8.8 www.google.com
        ; (1 server found)
        ;; global options: +cmd
        ;; connection timed out; no servers could be reached
        

        packetcaptureblock.jpg

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          posix @johnpoz

          @johnpoz

          You are right, this Android device joined the IOT SSID. On pfsense I have the majority of IOT devices on static DHCP bindings with DNS assigned. But for the dynamic DHCP pool I did not specify a DNS server. So it was using .30.1 (pfsense gateway) as DNS, and I have DNS redirect configured for external DNS servers, not pfsense itself. This is resolved.

          Thank you very much for pointing out the issue.
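
The check made by eye in this thread, where NXDOMAIN on a suffix-expanded name is normal and the real fault is a resolver that only ever sends back ICMP port unreachable, can be run over exported capture records. This is an added example, not part of the original posts; the record fields, the addresses and the `home.example` search domain are constructed for illustration.

```python
# Constructed sample capture records (simplified fields, not the poster's capture).
def q(src, sport, dst, qname):
    return {"kind": "query", "src": src, "sport": sport, "dst": dst, "qname": qname}

def r(src, dst, dport, rcode):
    return {"kind": "response", "src": src, "dst": dst, "dport": dport, "rcode": rcode}

def unreach(src, dst, orig_dst, orig_sport):
    return {"kind": "icmp_port_unreachable", "src": src, "dst": dst,
            "orig_dst": orig_dst, "orig_sport": orig_sport}

SEARCH_DOMAIN = "home.example"  # hypothetical local search domain
SAMPLE = [
    q("10.0.30.50", 40001, "10.0.30.1", "www.googleapis.com.home.example"),
    unreach("10.0.30.1", "10.0.30.50", "10.0.30.1", 40001),
    q("10.0.30.50", 40002, "10.0.30.1", "www.googleapis.com"),
    unreach("10.0.30.1", "10.0.30.50", "10.0.30.1", 40002),
    q("10.0.9.100", 50001, "10.0.3.10", "www.googleapis.com.home.example"),
    r("10.0.3.10", "10.0.9.100", 50001, "NXDOMAIN"),
    q("10.0.9.100", 50002, "10.0.3.10", "www.googleapis.com"),
    r("10.0.3.10", "10.0.9.100", 50002, "NOERROR"),
]

def classify(packets, search_domain=SEARCH_DOMAIN):
    """Pair every DNS query with its outcome: an rcode, 'rejected' or 'unanswered'."""
    pending, rows = {}, []
    for p in packets:
        if p["kind"] == "query":
            name = p["qname"].rstrip(".")
            row = {"server": p["dst"], "qname": name, "outcome": "unanswered",
                   "suffixed": name.endswith("." + search_domain)}
            pending[(p["src"], p["dst"], p["sport"])] = row
            rows.append(row)
        elif p["kind"] == "response":
            key = (p["dst"], p["src"], p["dport"])
            if key in pending:
                pending[key]["outcome"] = p["rcode"]
        elif p["kind"] == "icmp_port_unreachable":
            # The ICMP error quotes the rejected datagram's destination and UDP source port.
            key = (p["dst"], p["orig_dst"], p["orig_sport"])
            if key in pending:
                pending[key]["outcome"] = "rejected"
    return rows

def diagnose(rows):
    """A server is 'blocked' when none of its queries, suffixed or not, got a DNS reply."""
    verdict = {}
    for row in rows:
        replied = row["outcome"] not in ("rejected", "unanswered")
        verdict[row["server"]] = "ok" if replied or verdict.get(row["server"]) == "ok" else "blocked"
    return verdict
```

An NXDOMAIN for the suffixed name still counts as a reply, so the second resolver in the sample is reported as `ok` while the one that only returns ICMP rejects is reported as `blocked`.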

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.