DNS requests .lan

When using AdGuard, I noticed a lot of requests ending with *.lan (wpad.lan, pti.store.microsoft.com.lan), all of them with an NXDOMAIN response from OpenDNS (the upstream DNS server). What can I do with them and how can I disable them?

You can try the new options in version 4.2 to see if they help?

AGH handle client requests is already on

I also have this, I don’t think it was from the start - maybe after updating to 4.0. Idk. wpad leaking is in part Microsoft's fault I think, when proxy autodetect is disabled it can still continue unless you 0.0.0.0 it in the Windows hosts file.

It may be that Gl-iNet’s configurations are triggering this though. Maybe it stems from the DNS port forwarding for Adguard - idk. I even get some .lan requests leaving from my phone now.

These wpad leaks are actually very serious & can be exploited for Man in the Middle attacks.

If you also see subdomains like these as I do, _ldap._tcp.dc..
They too are used in Active Directory/Domain Controller exploits.

Obviously .lan requests should not be leaving the router to WAN either, especially not .local as I believe that TLD is available now. I have to drop them under AGH DNS settings at the bottom, adding custom filters will just fill your logs with the blocked requests. I’ll soon know if switching to true OpenWRT makes any difference, not certain it’s Gl-iNet’s fault yet.
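
The leak discussed in the posts above (local-suffix names such as wpad.lan being answered by the upstream resolver), as an added Python example that is not part of any post in this thread: it classifies query names and lists the local-only ones that reached an upstream. The log layout (`client qname upstream`, with `-` meaning answered locally), the client addresses and the `PUBLIC_TLD_HINTS` set are constructed assumptions, not AdGuard Home's log format.

```python
# Added example: flag local-only DNS names that were forwarded to an upstream.

# "lan" and "glinet" are the DHCP domains named in this thread; "local" is
# reserved for mDNS (RFC 6762) and "home.arpa" for home networks (RFC 8375).
LOCAL_SUFFIXES = ("lan", "glinet", "local", "home.arpa")
# Constructed hint set: a public TLD label right before the local suffix is
# consistent with a client appending its DNS search suffix to a public name.
PUBLIC_TLD_HINTS = {"com", "net", "org", "io"}

# Constructed sample log: "client qname upstream" ("-" = answered locally).
SAMPLE = (
    "192.168.8.10 wpad.lan 208.67.222.222",
    "192.168.8.10 pti.store.microsoft.com.lan 208.67.222.222",
    "192.168.8.23 _aaplcache3._tcp.glinet 208.67.222.222",
    "192.168.8.10 example.com 208.67.222.222",
    "192.168.8.10 printer.lan -",
)

def local_suffix(qname, suffixes=LOCAL_SUFFIXES):
    """Return the local-only suffix the name ends with, or None."""
    name = qname.rstrip(".").lower()
    for s in suffixes:
        if name == s or name.endswith("." + s):
            return s
    return None

def classify(qname):
    """Label a query name: public, wpad, service-discovery,
    search-suffix-appended or local-host."""
    name = qname.rstrip(".").lower()
    suffix = local_suffix(name)
    if suffix is None:
        return "public"
    head = name[: -len(suffix)].rstrip(".")
    labels = head.split(".") if head else []
    if labels and labels[0] == "wpad":
        return "wpad"                      # proxy auto-discovery lookup
    if labels and labels[0].startswith("_"):
        return "service-discovery"         # SRV-style name such as _x._tcp
    if labels and labels[-1] in PUBLIC_TLD_HINTS:
        return "search-suffix-appended"
    return "local-host"

def leaked(log_lines):
    """Return (client, qname, kind) for local-only names sent to an upstream."""
    hits = []
    for line in log_lines:
        client, qname, upstream = line.split()
        kind = classify(qname)
        if kind != "public" and upstream != "-":
            hits.append((client, qname, kind))
    return hits
```

Calling `leaked(SAMPLE)` returns the three forwarded local names with the client that sent each, which is the per-client view needed to tell which device is generating them.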

On my second computer, I use ControlD in the Windows network settings, and in the analytics in my personal ControlD account there is not a single request with the ending “.lan”. And on the main computer, which is connected to a local network with AGH on GliNet, these requests are in the logs. So I think it’s related to either AGH or GLiNet.

Perhaps avahi generated the related information; please try to stop it:

/etc/init.d/avahi-daemon stop
/etc/init.d/avahi-daemon disable

Did not help.
/etc/init.d/avahi-daemon status is inactive now, but every 10 min I see lan requests.

You can try to resolve these domain names. What is the corresponding IP address after resolving?

nslookup wpad.lan

nslookup wpad.lan
Сервер: console.gl-inet.com
Address: “local router ip”
*** console.gl-inet.com wpad.lan: Non-existent domain

Please try to disable the WinHTTP Web Proxy Auto-Discovery service
https://www.techwalla.com/articles/how-to-disable-winhttp-web-proxy-auto-discovery

Disabling this setting did not help.

This is a post in Chinese, but I think it shows why: wpad.lan domain names come from Windows services. Do you have any other Windows machines on your LAN?

https://www.right.com.cn/forum/thread-8272593-1-1.html

No other Windows. Only Xbox.
I renamed my DHCP in LuCI from “lan” to “glinet”, and now I see this:
wpad.glinet
_aaplcache3._tcp.glinet

every minute

What is this:
Allow upstream responses in the 127.0.0.0/8 range, e.g. for RBL services
in LuCI?
Maybe I need to uncheck it?