Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Leaking Internal Traffic for Weird Kindle DNS

    2.0-RC Snapshot Feedback and Problems - RETIRED
    1
    1
    1904
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      gadams999 last edited by

      I love my new Kindle 3 (wi-fi version) but could kill the developers of the network stack. This blog post, http://www.thedave.ca/geek/kindle-3/, summarizes issue of the Kindle sending DNS inquiries to the DHCP returned value, but sending them to the default gateway address.

      In my case, I have a separate DNS server internally (192.168.10.100), and the Kindle sends lookups to it via the LAN interface of my pfSense box (192.168.10.1). The concerning part is that pfSense NATs the Kindle's address (192.168.10.200), but sends the packet out the WAN interface with the destination (DNS) not NATted. What is seen going out the WAN is:

      src: 11.11.11.1 (pub IP)
      dst: 192.168.10.100
      port: 53

      The ISP router drops the packet, but it really shouldn't have been routed that way at all.

      I know that the Kindle should realize the DNS server is local to the network, but my question is why pfSense doesn't send back a redirect to the host, or at least drop the packet and not send it out the WAN interface? Is there a rule that can be added to ensure a redirect is sent back or at least forward the packet to the internal host?

      1 Reply Last reply Reply Quote 0
      • First post
        Last post

      Products

      • Platform Overview
      • TNSR
      • pfSense
      • Appliances

      Services

      • Training
      • Professional Services

      Support

      • Subscription Plans
      • Contact Support
      • Product Lifecycle
      • Documentation

      News

      • Media Coverage
      • Press
      • Events

      Resources

      • Blog
      • FAQ
      • Find a Partner
      • Resource Library
      • Security Information

      Company

      • About Us
      • Careers
      • Partners
      • Contact Us
      • Legal
      Our Mission

      We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

      Subscribe to our Newsletter

      Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

      © 2021 Rubicon Communications, LLC | Privacy Policy