5. Leaking Internal Traffic for Weird Kindle DNS

Leaking Internal Traffic for Weird Kindle DNS

  • G

    I love my new Kindle 3 (wi-fi version) but could kill the developers of the network stack. This blog post, http://www.thedave.ca/geek/kindle-3/, summarizes issue of the Kindle sending DNS inquiries to the DHCP returned value, but sending them to the default gateway address.

    In my case, I have a separate DNS server internally (192.168.10.100), and the Kindle sends lookups to it via the LAN interface of my pfSense box (192.168.10.1). The concerning part is that pfSense NATs the Kindle's address (192.168.10.200), but sends the packet out the WAN interface with the destination (DNS) not NATted. What is seen going out the WAN is:

    src: 11.11.11.1 (pub IP)
    dst: 192.168.10.100
    port: 53

    The ISP router drops the packet, but it really shouldn't have been routed that way at all.

    I know that the Kindle should realize the DNS server is local to the network, but my question is why pfSense doesn't send back a redirect to the host, or at least drop the packet and not send it out the WAN interface? Is there a rule that can be added to ensure a redirect is sent back or at least forward the packet to the internal host?

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy