DNS requests from EAP225 (BUG / Misuse)
Since the installation of the latest firmware 5.1.6 all my EAP225 AP's are making A and AAAA DNS requests for the domain eap225
What exactly is the point of this? I don't have a local network host called eap225 and even if I did, what's it got to do with Omada endpoints?
I have had more than 1000 such requests on my network over the last 24 hours, to all which my DNS server returns NXDOMAIN.
I'm assuming it's some dodgy back door way of trying to get info from an Omada based DNS server. Please stop misusing the DNS protocol and stop making these pointless requests.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Tescophil wrote
Since the installation of the latest firmware 5.1.6 all my EAP225 AP's are making A and AAAA DNS requests for the domain eap225
What exactly is the point of this? I don't have a local network host called eap225 and even if I did, what's it got to do with Omada endpoints?
I have had more than 1000 such requests on my network over the last 24 hours, to all which my DNS server returns NXDOMAIN.
I'm assuming it's some dodgy back door way of trying to get info from an Omada based DNS server. Please stop misusing the DNS protocol and stop making these pointless requests.
Hi @Tescophil
Could you please help to confirm what is your DNS server? And also share some screenshots about these DNS request? Your assistance is really appreciated.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
So my EAP225 Outdoor AP got a firmware update today and sure enough it's started making DNS requests from the domain eap225-outdoor
- Copy Link
- Report Inappropriate Content
Hi @Tescophil
Thanks for posting in our business forum.
Tescophil wrote
So my EAP225 Outdoor AP got a firmware update today and sure enough it's started making DNS requests from the domain eap225-outdoor
Just looks like the hostname. Do you have mDNS turned on on your system? Disable it, will this disappear along with that?
Have you tried the Wireshark? What about the result? Does it actually send this domain request for DNS resolution?
- Copy Link
- Report Inappropriate Content
This is not mDNS, each AP sends an A and AAAA DNS request for these hostnames every 10 mins 24/7 to my DNS server, stats below
- Copy Link
- Report Inappropriate Content
@Tescophil
NVM. It looks like the hostname because the hostname query is considered as A.
I am just curious about if it is actually sending this and just hope to get to the bottom of this with some proper guessing and Wireshark while it is already under Hank's investigation. I have AdG and Pi-hole but I don't have these models for test. Cannot borrow one from the warehouse as they are not available.
Good hunt.
- Copy Link
- Report Inappropriate Content
Hi @Tescophil
To assist you better, I've also created a support ticket via your registered email address, and escalated it to our support engineer to look into the issue. The ticket ID TKID240431025, please check your email box and ensure the support email is well received. Thanks!
Once the issue is addressed or resolved, welcome to update this topic thread with your solution to help others who may encounter the same issue as you did.
Many thanks for your great cooperation and patience!
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 682
Replies: 7
Voters 0
No one has voted for it yet.