DNS requests from EAP225 (BUG / Misuse)

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2024-04-05 16:08:34
Model: EAP225  
Hardware Version: V3
Firmware Version: 5.1.6

Since the installation of the latest firmware 5.1.6, all my EAP225 APs are making A and AAAA DNS requests for the domain eap225.

What exactly is the point of this? I don't have a local network host called eap225 and even if I did, what's it got to do with Omada endpoints?

I have had more than 1000 such requests on my network over the last 24 hours, to all of which my DNS server returns NXDOMAIN.

I'm assuming it's some dodgy back door way of trying to get info from an Omada based DNS server. Please stop misusing the DNS protocol and stop making these pointless requests.

 

 

 

Re:DNS requests from EAP225 (BUG / Misuse)
2024-04-07 06:47:36

 

Tescophil wrote

Since the installation of the latest firmware 5.1.6, all my EAP225 APs are making A and AAAA DNS requests for the domain eap225.

What exactly is the point of this? I don't have a local network host called eap225 and even if I did, what's it got to do with Omada endpoints?

I have had more than 1000 such requests on my network over the last 24 hours, to all of which my DNS server returns NXDOMAIN.

I'm assuming it's some dodgy back door way of trying to get info from an Omada based DNS server. Please stop misusing the DNS protocol and stop making these pointless requests.

 

 

 

Hi @Tescophil 

Could you please help to confirm what your DNS server is? And also share some screenshots of these DNS requests? Your assistance is really appreciated.

Re:DNS requests from EAP225 (BUG / Misuse)
2024-04-07 09:41:18 - last edited 2024-04-07 09:44:17

  @Hank21 

 

I use AdGuard Home. Each AP sends an A and AAAA request every 10 mins for eap225

 

 

 

 

 

 

Re:DNS requests from EAP225 (BUG / Misuse)
2024-04-09 08:48:32 - last edited 2024-04-09 08:51:17

So my EAP225 Outdoor AP got a firmware update today and sure enough it's started making DNS requests from the domain eap225-outdoor

Re:DNS requests from EAP225 (BUG / Misuse)
2024-04-11 09:49:15

Hi @Tescophil 

Thanks for posting in our business forum.

Tescophil wrote

So my EAP225 Outdoor AP got a firmware update today and sure enough it's started making DNS requests from the domain eap225-outdoor

Just looks like the hostname. Do you have mDNS turned on in your system? If you disable it, does this disappear along with it?

Have you tried Wireshark? What was the result? Does it actually send this domain request for DNS resolution?

Re:DNS requests from EAP225 (BUG / Misuse)
2024-04-11 09:58:41 - last edited 2024-04-11 09:59:12

  @Clive_A 

 

This is not mDNS, each AP sends an A and AAAA DNS request for these hostnames every 10 mins 24/7 to my DNS server, stats below

 

 

 

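One way to confirm the pattern reported above from a resolver query log (an added example, not part of the original posts and not TP-Link or AdGuard code): it flags clients that repeatedly ask for a bare single-label name, only ever receive NXDOMAIN, and reports the repeat interval. The JSON-lines record layout, the function names and the 192.0.2.x addresses are assumptions constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

def rec(t, client, qname, qtype, rcode):
    # Assumed export layout for this example, not a specific resolver's schema.
    return json.dumps({"time": t.isoformat(), "client": client,
                       "qname": qname, "qtype": qtype, "rcode": rcode})

def build_sample():
    """Constructed log: two APs asking for their bare model name every 10 min."""
    base, lines = datetime(2024, 4, 11, 9, 0, 0), []
    for i in range(4):
        for client, name in (("192.0.2.10", "eap225"), ("192.0.2.11", "eap225-outdoor")):
            t = base + timedelta(minutes=10 * i)
            lines.append(rec(t, client, name, "A", "NXDOMAIN"))
            lines.append(rec(t + timedelta(seconds=1), client, name, "AAAA", "NXDOMAIN"))
    lines.append(rec(base, "192.0.2.50", "printer", "A", "NXDOMAIN"))          # one-off
    lines.append(rec(base, "192.0.2.50", "www.example.com.", "A", "NOERROR"))  # normal FQDN
    return "\n".join(lines)

def single_label_beacons(log_text, min_rounds=3):
    """Report (client, qname) pairs where a bare single-label name is queried
    repeatedly and every answer is NXDOMAIN, with the median repeat interval."""
    seen = defaultdict(lambda: {"times": defaultdict(list), "rcodes": set()})
    for line in filter(str.strip, log_text.splitlines()):
        r = json.loads(line)
        qname = r["qname"].rstrip(".").lower()
        if "." in qname:                      # has a domain part: out of scope
            continue
        entry = seen[(r["client"], qname)]
        entry["times"][r["qtype"]].append(datetime.fromisoformat(r["time"]))
        entry["rcodes"].add(r["rcode"])
    findings = {}
    for key, entry in seen.items():
        # Gaps are measured per query type so an A/AAAA pair sent a second apart does not skew them.
        gaps = [(b - a).total_seconds()
                for ts in entry["times"].values()
                for a, b in zip(sorted(ts), sorted(ts)[1:])]
        rounds = max(len(ts) for ts in entry["times"].values())
        if rounds >= min_rounds and entry["rcodes"] == {"NXDOMAIN"}:
            findings[key] = {"qtypes": sorted(entry["times"]), "rounds": rounds,
                             "median_interval_s": median(gaps) if gaps else None}
    return findings

if __name__ == "__main__":
    print(single_label_beacons(build_sample()))
```

A resolver log only records unicast queries that reached the DNS server, so any name it reports was not sent as mDNS.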
Re:DNS requests from EAP225 (BUG / Misuse)
2024-04-12 03:11:25

 @Tescophil
NVM. It looks like the hostname because the hostname query is considered as A.

I am just curious whether it is actually sending this, and just hope to get to the bottom of this with some proper guessing and Wireshark while it is already under Hank's investigation. I have AdG and Pi-hole but I don't have these models to test with. I cannot borrow one from the warehouse as they are not available.

Good hunt.

Re:DNS requests from EAP225 (BUG / Misuse)
2024-04-16 11:20:15

 Hi @Tescophil 

To assist you better, I've also created a support ticket via your registered email address and escalated it to our support engineer to look into the issue. The ticket ID is TKID240431025; please check your email inbox and ensure the support email is well received. Thanks!

Once the issue is addressed or resolved, you are welcome to update this topic thread with your solution to help others who may encounter the same issue as you did.

Many thanks for your great cooperation and patience!
 
