DIR-885L Phoning Home

LarryNOTtheCableGuy:
A couple of weeks ago I installed a Pi Hole (whole house ad blocker) on my home network. Very easy to install and configure on a Raspberry Pi. Once I had it configured to identify which device was making each DNS request, I was shocked to see the number of times the DIR-885L router phoned home. A short test conducted just before starting this post showed it making 280 DNS requests in 5 minutes; the vast majority of which were for www.dlink.com, dlink.com, www.dlink.com.cn, dlink.com.cn, www.dlink.com.tw, dlink.com.tw, www.mydlink.com, and mydlink.com. It also made several requests for www.google.com and google.com (really?). Interestingly, this only occurs when accessing the router's web interface. The rest of the time it's reasonably quiet.

I get that from time to time the router needs to contact the D-Link NTP server and look up manufacturers of connected devices, but this is ridiculous and frankly quite disconcerting. I can't imagine why it needs to do this, and am now wondering if information regarding my home network is being leaked to the mother ship (or worse). As a result, I've now blacklisted the China and Taiwan domains, and am seriously considering the same for the US domains. When I have time this winter I'll probably try flashing one of my spares with DD-WRT firmware (FurryNutz, if I run into trouble you'll be seeing me looking for help on dd-wrt.com forum). In the meantime it looks like I'm going to have to install a packet sniffer between my modem and router to see what, if any, information is being leaked. Will let you know what I find.
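The per-client count described in the post above, as an added example that is not part of the original post: it parses dnsmasq-style query lines as Pi-hole logs them, finds the busiest 5-minute window for one client, and groups the names by the domains listed in the post. The log lines, IP addresses and function names are constructed for illustration, and the plain (non-"extra") dnsmasq log layout is assumed.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in dnsmasq's query-log layout (what Pi-hole writes to pihole.log).
# 192.168.0.1 stands in for the router, 192.168.0.23 for another client.
SAMPLE_LOG = """\
Nov 10 14:00:01 dnsmasq[812]: query[A] www.dlink.com from 192.168.0.1
Nov 10 14:00:01 dnsmasq[812]: forwarded www.dlink.com to 198.51.100.53
Nov 10 14:00:02 dnsmasq[812]: query[A] dlink.com.cn from 192.168.0.1
Nov 10 14:00:03 dnsmasq[812]: query[A] www.mydlink.com from 192.168.0.1
Nov 10 14:01:30 dnsmasq[812]: query[AAAA] www.google.com from 192.168.0.1
Nov 10 14:02:10 dnsmasq[812]: query[A] example.org from 192.168.0.23
Nov 10 14:04:59 dnsmasq[812]: query[A] www.dlink.com from 192.168.0.1
Nov 10 14:09:00 dnsmasq[812]: query[A] www.dlink.com from 192.168.0.1
""".splitlines()

QUERY_RE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s+dnsmasq\[\d+\]:\s+"
                      r"query\[[\w-]+\]\s+(\S+)\s+from\s+(\S+)$")
# Domains named in the post; matched on a label boundary below.
WATCHED = ("dlink.com", "dlink.com.cn", "dlink.com.tw", "mydlink.com", "google.com")

def family(name):
    """Map a query name to a watched domain; mydlink.com must not count as dlink.com."""
    for d in WATCHED:
        if name == d or name.endswith("." + d):
            return d
    return "other"

def parse_queries(lines, year=2000):
    """Yield (time, client, name) per query line. The log omits the year, so one is assumed."""
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S")
            yield ts, m[3], m[2].lower()

def busiest_window(lines, client, window=timedelta(minutes=5)):
    """Return (count, Counter by family) for the client's densest sliding window."""
    events = sorted((ts, name) for ts, c, name in parse_queries(lines) if c == client)
    best, start = (0, Counter()), 0
    for end in range(len(events)):
        while events[end][0] - events[start][0] >= window:
            start += 1
        if end - start + 1 > best[0]:
            best = (end - start + 1, Counter(family(n) for _, n in events[start:end + 1]))
    return best

if __name__ == "__main__":
    print(busiest_window(SAMPLE_LOG, "192.168.0.1"))
```

Comparing the router's busiest window with the same figure for other clients, and with a window taken while the web interface is closed, gives the baseline the post describes informally.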

hydra3333:
Eek. I too would like dlink's information on this.

GreenBay42:
What firmware version do you have?

I assume the pi hole is on the LAN side so it cannot measure WAN to Internet traffic from the router.

Do you have any mydlink products on your network?

Let us know what your sniffer finds on the WAN side. I will forward this to a tech to look into also. And also the fact this mainly happens when connecting to the web UI is strange.

EDIT: More questions

Since I saw you have a mydlink camera on another thread, this is normal there is mydlink.com traffic. The camera (and router being a mydlink router) will send requests to mydlink servers.

How did you configure the DNS information on your router? Is DNS Relay enabled or disabled?

Is your pi hole handling dhcp for all your clients?

What DNS server(s) are you using on your pi hole?

Did you statically assign any IP settings/DNS on your clients?

If you blocked any of the mydlink domains/IP addresses, you will see more traffic since it needs to communicate with your mydlink devices (router and cameras) so it will keep requesting.




LarryNOTtheCableGuy:
> What firmware version do you have?

v1.20 (latest released version)

> I assume the pi hole is on the LAN side so it cannot measure WAN to Internet traffic from the router.

Correct. As I said, I'm now looking at what hardware/software I need to monitor the WAN side of the router (e.g., managed switch and another Pi running Wireshark). This will take me a while.

> Do you have any mydlink products on your network?

None. Although I do have a mydlink account, this router is NOT logged into it.

> Let us know what your sniffer finds on the WAN side. I will forward this to a tech to look into also. And also the fact this mainly happens when connecting to the web UI is strange.

Will do. Many many thanks.

> EDIT: More questions

> Since I saw you have a mydlink camera on another thread, this is normal there is mydlink.com traffic. The camera (and router being a mydlink router) will send requests to mydlink servers.

The cameras are at a different location. As I indicated above, I'm not logged into my mydlink account on this router. Had I been, I wouldn't have included them in the list of domains.

> How did you configure the DNS information on your router? Is DNS Relay enabled or disabled?

DNS Relay is disabled on the router so that the Pi Hole can see which device is making each DNS request. The router is acting as the DHCP server on the network and all of the devices have been assigned static IP addresses.

> Is your pi hole handling dhcp for all your clients?

Not at this time.

> What DNS server(s) are you using on your pi hole?

The Pi Hole is passing DNS requests to my local ISP's primary and secondary DNS servers. I'm not using Google, Cloudflare, OpenDNS, etc. I'm in Canada, so I'm also not using one of the US vertically-integrated conglomerates. Nor am I using any of the large Canadian providers (Bell, Telus, Rogers).

> Did you statically assign any IP settings/DNS on your clients?

Yes, clients have static IP addresses. The router's DHCP server passes the DNS server information to the clients. Currently, this is the internal address of my Pi.

> If you blocked any of the mydlink domains/IP addresses, you will see more traffic since it needs to communicate with your mydlink devices (router and cameras) so it will keep requesting.

It occurred to me that this might happen. However, with some or all listed domains blacklisted, there is no noticeable increase in the number of requests. Furthermore, there is no noticeable difference in the operation of the router.

Again, thank you for looking into this. I'll definitely keep everyone informed as to what I find. Unfortunately it may be a while before I can get to it.

Larry ....

GreenBay42:
Thanks for the information. I know mydlink devices will send requests to the mydlink servers even if not registered. It is kinda like "hey I'm a mydlink product, am I registered" and the server will respond yes or no. Not too sure about the google requests unless you have an android device or any google home/assistant products.

Definitely let us know your results. A couple techs are off today so we will look into this on Monday.

Have you contacted D-Link tech support?

If possible can you send me a list of domains/IP addresses it is sending? I can send to the engineers so they can verify them. You can PM me or I can give you an email address.
