When using AdGuard, I noticed a lot of requests ending with *.lan (wpad.lan, pti.store.microsoft.com.lan), and all of them get an NXDOMAIN response from OpenDNS (the upstream DNS server). What can I do with them and how can I disable them?
"AGH handle client requests" is already on.
I also have this. I don’t think it was from the start - maybe after updating to 4.0. Idk. wpad leaking is in part Microsoft's fault I think; when proxy autodetect is disabled it can still continue unless you 0.0.0.0 it in the Windows hosts file.
It may be that Gl-iNet’s configurations are triggering this though. Maybe it stems from the DNS port forwarding for Adguard - idk. I even get some .lan requests leaving from my phone now.
These wpad leaks are actually very serious & can be exploited for Man in the Middle attacks
If you also see subdomains like these as I do, _ldap._tcp.dc..
They too are used in Active Directory/Domain Controller exploits.
Obviously .lan requests should not be leaving the router to WAN either, especially not .local as I believe that TLD is available now. I have to drop them under AGH DNS settings at the bottom, adding custom filters will just fill your logs with the blocked requests. I’ll soon know if switching to true OpenWRT makes any difference, not certain it’s Gl-iNet’s fault yet.
On my second computer, I use ControlD in the Windows network settings, and in the analytics in my personal ControlD account there is not a single request with the ending “.lan”. And on the main computer, which is connected to a local network with AGH on GL.iNet, these requests are in the logs. So I think it’s related to either AGH or GL.iNet.
Perhaps avahi generated the related information; please try to stop it:
/etc/init.d/avahi-daemon stop
/etc/init.d/avahi-daemon disable
Did not help.
/etc/init.d/avahi-daemon status is inactive now, but every 10 min I see lan requests
You can try to resolve these domain names; after resolving, what is the corresponding IP address?
Address: “local router ip”
*** console.gl-inet.com wpad.lan: Non-existent domain
Please try to disable the WinHTTP Web Proxy Auto-Discovery service
Disabling this setting did not help.
This is a post in Chinese, but I think it shows why: wpad.lan domain names come from Windows services. Do you have any other Windows devices on your LAN?
No other Windows. Only Xbox.
I renamed my DHCP in LuCI from “lan” to “glinet”, and now I see this:
What is this?
Allow upstream responses in the 127.0.0.0/8 range, e.g. for RBL services
Maybe I need to uncheck it?
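
One way to triage the requests discussed in this thread, as an added example that is not from any poster: it sorts local-suffix queries into WPAD discovery, domain-controller locator lookups, and dotted names with the DHCP search domain appended, and lists the ones that were answered by the upstream resolver. The record layout, client addresses and sample entries are constructed for illustration and are not AdGuard Home's query-log format; the category names and the dotted-name check are a heuristic chosen here.

```python
"""Triage local-suffix DNS queries (added example; sample data is constructed)."""

LOCAL_SUFFIXES = {"lan", "local"}  # suffixes named in the thread

# Constructed records: (client, query name, query type, answered_by).
# This layout is an assumption, not AdGuard Home's query-log format.
SAMPLE_LOG = [
    ("192.168.8.10", "wpad.lan", "A", "upstream"),
    ("192.168.8.10", "pti.store.microsoft.com.lan", "A", "upstream"),
    ("192.168.8.10", "_ldap._tcp.dc._msdcs.example.lan", "SRV", "upstream"),
    ("192.168.8.20", "printer.lan", "A", "local"),
    ("192.168.8.20", "example.org", "A", "upstream"),
]


def classify(name):
    """Return a category for a local-suffix name, or None for other names."""
    labels = name.lower().rstrip(".").split(".")
    if len(labels) < 2 or labels[-1] not in LOCAL_SUFFIXES:
        return None
    stem = labels[:-1]
    if stem[0] == "wpad":
        return "wpad-discovery"          # proxy auto-discovery lookup
    if stem[:3] == ["_ldap", "_tcp", "dc"]:
        return "ad-dc-locator"           # domain controller SRV lookup
    if len(stem) >= 2:
        return "search-suffix-appended"  # heuristic: dotted name + search domain
    return "local-host"                  # plain single-label LAN hostname


def find_leaks(records):
    """List local-suffix queries that were answered by the upstream resolver."""
    leaks = []
    for client, name, _qtype, answered_by in records:
        kind = classify(name)
        if kind is not None and answered_by == "upstream":
            leaks.append((client, name, kind))
    return leaks


if __name__ == "__main__":
    for client, name, kind in find_leaks(SAMPLE_LOG):
        print(f"{client} leaked {name} ({kind})")
```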