I recently enabled a DNS gateway to be able to see requests from my router, and network devices. (far more than any other server).

Digging into this more, I found that it is related to the built-in router security "Home Shield" that ships with newer TP-Link routers. Was surprised to find 80K + requests (in 24 hours) out to an Avira "Safe Things" subdomains *. Here is the kicker though, I have the Avira / Home Shield services completely turned off (I wasn't even subscribed to their paid service for it). The router doesn't care, and sends ALL your traffic to be "analyzed" anyhow. See this response from TP Link (towards bottom of review) from last year - Update: I emailed reviewer to confirm TP-Link never updated him after.

I contacted support about this again, and was given a non-answer about how the requests are to check subscription status. 80K + requests a day to check subscription status? Why would it even need to do 1 single subscription check, if I'm not enabling any functionality that is behind a subscription paywall? Also the rate of requests is not constant, it is higher when my internet traffic is higher. To me this lack of consistent answer / response from TP-Link is as concerning as the requests themselves.

I'm not seeing much online about this issue, as I don't think many people realize it is even occurring (since traffic is outgoing straight from router, as opposed to an individual computer). Hoping to gain some attention on this issue and get a real answer / response from TP-Link about what exactly is going on here. As well as a concrete timeline and promise for a fix to stop these outgoing requests, when we aren't even using their anti-virus services.

Edit: Additional details, this is on their WiFi 6 AX3000 (Archer AX55) Router. From the XDA Review looks like this is also happening on their Deco series. If you want to easily check your own router, you can use any DNS Gateway (NextDNS, Cloudflare Gateway, Pi-Hole etc.)
Just be sure to set the DNS servers under "Advanced->Network->Internet->Advanced Settings" because the DHCP DNS server setting will only apply to the devices inside the network, not the router itself.

Edit #2: I've also contacted Avira directly regarding the endpoints, in the hope that they'll be more straightforward than TP-Link about the purpose. Will update here when I receive a response. Update: Avira support got back to me and said they couldn't answer any questions because I'm not a paying customer.

Using the registrar API has additional advantages because you can access your full and real data instead of whatever is shown in port 43 whois. Top registrars like GoDaddy and Namecheap offer APIs for accessing and managing your own domains.

So they can collect data, for free, but not tell me what the data is.

Edit #3: If anyone knows of good industry contacts, who can dig into this more or get real answers, please send a message! I've seen GamerNexus brought up a few times, but don't see any contact method.

The registrar APIs provide an alternate and simple solution for easily managing your own domain names.

Thanks to /u/Lord_Buffum for sharing this -

Essentially they say that the frequency (not existence) of DNS requests is a bug that will be fixed, but never explain WHY the router needs to contact Avira with HomeShield disabled. To me this adds almost no reassurance or new info. We already knew Avira is used for HomeShield, and that DNS lookups to Avira are to get the IP address.

The first step is to import your domains by clicking the Import button in Watch My Domains.

After downloading all of your domains you’ll be able to do Whois lookups on them that pull data through GoDaddy’s API rather than Port 43 (which doesn’t return valuable information).

What we don't know is 1) Why the requests are being made with the service disabled, and 2) What data is even being sent in the requests (and why).
Input your API info in Watch My Domains.

Click on the API configuration icon and enter your info in the box that pops up. I got my GoDaddy API information by logging in and going to /keys.

2. Watch My Domains currently supports ResellerClub, GoDaddy, Namecheap, Internet.bs and Dynadot. Get your API key and secret from your registrar. And before you dismiss this because you aren’t technical, I was able to set this up in 5 minutes with no technical skills.

1. There’s now a way to download all of your Whois data into the program without running into rate limits and other issues. But as domain name registrars limit access to Whois in the GDPR era, it has become difficult for domain owners to download their own Whois data into the program. Even with Port 43 limits and GDPR, you can still download your Whois info from select registrars.

A lot of domain name investors use Watch My Domains Pro to manage their domain name portfolio.