Something is up with local.net

You know how it is: you visit your sister and, being the family computer guy, along with your hearty meal and beer you get to hear about her computer woes. Her PC's too slow, there's not enough space for her MP3s, etc. etc. Call it family tax, I do.

I gave it the once-over; after uninstalling all the "useful" toolbars and giving it a good gutting with Ad-Aware, things were back to normal. To give myself a celebratory pat on the back I thought I'd go visit one of my favourite websites, cryptome.org. Instead of typing the address correctly, I entered cryptome.orh - a simple qwerty-esque typo.

Rather than the usual page full of Her Majesty's dirty little secrets, I got this instead:



The more observant will be asking "WTF?" - I know I was. I was expecting either the aforementioned page of dirty secrets or the usual IE 'you're dumb' address-not-found page.

Pausing a moment to think a little more, I tried entering cryptome.org again, properly this time - no problems, the site came up.

This got my interest, so I tried something blatantly rubbish like foo1.foo2.foo3, look what I got:



 

OK, so something's well up here: addresses that resolve go through OK, addresses that won't get directed to the "helpful" page that leads to rooms.net. Time to start banging the metal a little and see what is going on.

Fired up a cmd prompt and started nslookup:

Server: router.local.net
Address: 192.168.1.1

>

 

My sister has an ADSL line from some UK ISP, and she's got a Draytek Vigor 2600We router to share the line with 1 desktop and a wireless laptop. Looks like the router's advertising its own DNS server over its DHCP leases, no worries here.

> slashdot.org
Server: router.local.net
Address: 192.168.1.1

Non-authoritative answer:
Name: slashdot.org.local.net
Address: 206.225.95.129

>

Eh? Oh, looks like the connection has got a default DNS suffix of local.net. I wonder what ipconfig /all says:

Windows IP Configuration

Host Name . . . . . . . . . . . . : your-y0mkaz8jaq
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : local.net

Ethernet adapter Ethernet 100MB Cable:

Connection-specific DNS Suffix . : local.net
Description . . . . . . . . . . . : Realtek RTL8139/810X Family PCI Fast Ethernet NIC
Physical Address. . . . . . . . . : XX-XX-XX-XX-XX-XX
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.12
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Lease Obtained. . . . . . . . . . : 23 October 2006 17:29:29
Lease Expires . . . . . . . . . . : 26 October 2006 17:29:29

Guess the router is giving out the default domain as part of the DHCP response. Let's go back to nslookup and see what we can do:

> set all
Default Server: router.local.net
Address: 192.168.1.1

Set options:
nodebug
defname
search
recurse
nod2
novc
noignoretc
port=53
type=A
class=IN
timeout=2
retry=1
root=A.ROOT-SERVERS.NET.
domain=local.net
MSxfr
IXFRversion=1
srchlist=local.net

Let's try disabling searching and see what happens:

> set nosearch
> slashdot.org
Server: router.local.net
Address: 192.168.1.1

Non-authoritative answer:
Name: slashdot.org
Address: 66.35.250.150

That's better, copy/paste of address to browser gives the right answer. I wonder...

> rubbish.trash.no.way.this.resolves.local.net
Server: router.local.net
Address: 192.168.1.1

Non-authoritative answer:
Name: rubbish.trash.no.way.this.resolves.local.net
Address: 206.225.95.129

Now I think I understand it: whoever registered local.net has got a default DNS entry that resolves to the helpful page, and if the website address you type isn't found, the DNS subsystem tries it again with the suffix appended. If the suffix is local.net then it will resolve, no matter what you type.

I won't bore you with the details, but after reading the router manual I found there is a command "sys domainname <domain name>" over the telnet interface that can be used to set the domain name. Whoever had the router last (eBay purchase) had set it to local.net. After I cleared it and released / renewed the DHCP leases, all behaved as normal.

So if you're tempted to set your internal network domain to local.net - think again.

Wullie
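
Added example, not part of the original post: a Python check for the condition diagnosed above, where a DNS suffix handed out over DHCP belongs to a public domain that answers for any name. It pulls the suffixes out of ipconfig /all output and resolves random labels under each one; the function names, the sample text and the stub resolver are constructed for illustration, and the parser assumes one suffix per line.

```python
import re
import secrets
import socket

# Constructed sample, modelled on the ipconfig /all output in the post.
SAMPLE_IPCONFIG = """\
        Primary Dns Suffix  . . . . . . . :
        DNS Suffix Search List. . . . . . : local.net
        Connection-specific DNS Suffix  . : local.net
"""

_SUFFIX_LINE = re.compile(
    r"\s*(?:DNS Suffix Search List|Connection-specific DNS Suffix)[ .]*:\s*(\S+)")


def suffixes_from_ipconfig(text):
    """Return the unique DNS suffixes named in ipconfig /all output, in order."""
    found = []
    for line in text.splitlines():
        m = _SUFFIX_LINE.match(line)
        if m and m.group(1).lower() not in found:
            found.append(m.group(1).lower())
    return found


def system_resolver(fqdn):
    """Resolve through the OS; return the set of addresses, empty if none."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(fqdn, None)}
    except socket.gaierror:
        return set()


def wildcard_suffixes(suffixes, resolve=system_resolver, probes=3):
    """Map each suffix that answers for random names to the addresses it gave."""
    flagged = {}
    for suffix in suffixes:
        # Random labels cannot be real hosts; the trailing dot makes each name
        # fully qualified so the search list is not applied a second time.
        answers = [resolve(f"{secrets.token_hex(8)}.{suffix}.")
                   for _ in range(probes)]
        if answers and all(answers):
            flagged[suffix] = set().union(*answers)
    return flagged


if __name__ == "__main__":
    # Constructed stub standing in for the behaviour seen in the post.
    stub = lambda n: {"206.225.95.129"} if n.endswith(".local.net.") else set()
    print(wildcard_suffixes(suffixes_from_ipconfig(SAMPLE_IPCONFIG), stub))
```

Called without a resolve argument, wildcard_suffixes queries the machine's configured DNS server. A suffix that comes back flagged is one to clear on the DHCP server, as the post does with sys domainname.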