Leaking Internal Traffic for Weird Kindle DNS
I love my new Kindle 3 (wi-fi version) but could kill the developers of the network stack. This blog post, http://www.thedave.ca/geek/kindle-3/, summarizes the issue of the Kindle sending DNS inquiries to the DHCP-returned value, but sending them to the default gateway address.
In my case, I have a separate DNS server internally (192.168.10.100), and the Kindle sends lookups to it via the LAN interface of my pfSense box (192.168.10.1). The concerning part is that pfSense NATs the Kindle's address (192.168.10.200), but sends the packet out the WAN interface with the destination (DNS) not NATted. What is seen going out the WAN is:
src: 11.11.11.1 (pub IP)
dst: 192.168.10.100
port: 53

The ISP router drops the packet, but it really shouldn't have been routed that way at all.
I know that the Kindle should realize the DNS server is local to the network, but my question is why pfSense doesn't send back a redirect to the host, or at least drop the packet and not send it out the WAN interface? Is there a rule that can be added to ensure a redirect is sent back or at least forward the packet to the internal host?
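Two defensive rules that address the question's two asks (drop the packet rather than let it leave the WAN, or hand it to the internal resolver), written in raw pf.conf syntax as an added example; they are not from the post or from pfSense's own rule set. Interface names (em0/em1) are assumed; the addresses are the ones given in the question. pfSense regenerates /etc/pf.conf itself, so on that platform the equivalent is entered in the GUI (a Port Forward on LAN for the rdr, and a Floating rule with direction "out" on WAN for the block) rather than edited by hand.

```pf
# Added example, not part of the original post.  Interface names are assumed.
lan_if  = "em0"
wan_if  = "em1"
lan_net = "192.168.10.0/24"
dns_srv = "192.168.10.100"
rfc1918 = "{ 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }"

# Option 1: any DNS query arriving on the LAN interface, whatever address the
# client aimed it at, is redirected to the internal resolver and passed there.
# This also catches clients hard-wired to an external resolver.
rdr on $lan_if proto { tcp, udp } from $lan_net to any port 53 -> $dns_srv port 53
pass in quick on $lan_if proto { tcp, udp } from $lan_net to $dns_srv port 53

# Option 2: egress filter.  Nothing destined for private address space should
# ever leave the WAN, whichever client misbehaves.  "log" records each hit so
# the leaking host can be identified in the firewall log.
block out log quick on $wan_if from any to $rfc1918
```

Option 2 is the one that guarantees the observed packet (src public IP, dst 192.168.10.100, port 53) never reaches the ISP. Whether option 1 alone changes the WAN-bound routing for this particular Kindle packet depends on why pfSense chose the WAN route in the first place, which the post does not establish, so run both and check the firewall log for blocked entries to confirm the leak has stopped.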