Question about Trend Micro AiProtection and DNS over TLS

Davidncali001

Regular Contributor
I have DNS over TLS turned on in the settings of RMerlin's firmware and wanted to test if DNS over TLS was working correctly.

I did a tcpdump from the terminal and noticed that everything was going through port 853; however, whenever the router accessed anything to do with Trend Micro's AiProtection suite, it was using port 53.

Is this normal behavior?


I placed a screenshot in this link: https://ibb.co/2hzcH2R


Thanks
 

dave14305

Part of the Furniture
Yes, because of the setting on the Tools / Other Settings page for "Wan: Use local caching DNS server as system resolver" being defaulted to No. Any query originated by the router itself (e.g. Trend Micro processes running on the router) will use the WAN DNS servers the old-fashioned way (port 53).

Clients on your network will still go through DNS over TLS.
 

Davidncali001

Regular Contributor
You know, I thought that might be it: the "Wan: Use local caching DNS server as system resolver" setting being defaulted to No. So I set it to Yes, then did another tcpdump, and AiProtection still goes through port 53.

I did not restart the router after setting the WAN local caching to Yes; could that be why it was still using port 53?

Also is it really a concern that port 53 is being used for AiProtection?
 

dave14305

Part of the Furniture
It should have restarted dnsmasq when you hit apply. Run "cat /etc/resolv.conf" to confirm it's only using 127.0.0.1 and/or 127.0.1.1.

I would rather leave the setting as No and ensure that the router can behave well without relying on its own services (dnsmasq, stubby). The small amount of DNS traffic the router generates wouldn't be a concern for me personally (firmware update check, Diversion updates, Skynet updates, Trend Micro queries). Depends on a lot of personal, subjective criteria.
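As an added example (not code from this thread, the firmware or any of its add-ons), a small POSIX shell script for the two checks discussed above: whether a resolv.conf lists only the loopback resolvers 127.0.0.1 / 127.0.1.1, which is what the setting switched to Yes should produce, and how much of a WAN-side tcpdump capture goes to plaintext port 53 rather than port 853. The WAN address 203.0.113.5, the upstream 9.9.9.9 and the capture lines are constructed sample data, not a real capture.

```shell
#!/bin/sh
# Added example, not from the thread. Two defender-side checks for the
# "router-originated DNS still on port 53" question.

# resolv_is_local FILE: exit 0 when every nameserver line in FILE is a
# loopback resolver (127.0.0.1 or 127.0.1.1), exit 1 otherwise or if there
# are no nameserver lines at all. On the router: resolv_is_local /etc/resolv.conf
resolv_is_local() {
    awk '
        $1 == "nameserver" {
            n++
            if ($2 != "127.0.0.1" && $2 != "127.0.1.1") bad++
        }
        END { exit (n == 0 || bad > 0) ? 1 : 0 }
    ' "$1"
}

# count_plain_dns: read IPv4 tcpdump lines on stdin (e.g. from
# "tcpdump -n -i <wan_if> port 53 or port 853") and print how many packets
# went to port 53 (plaintext) versus 853 (DNS over TLS). With DoT enabled,
# anything to port 53 on the WAN side is not coming through stubby.
count_plain_dns() {
    awk '
        $2 == "IP" {
            dst = $5; sub(/:$/, "", dst)      # "9.9.9.9.853:" -> "9.9.9.9.853"
            port = dst; sub(/.*\./, "", port) # keep the trailing port number
            if (port == "53") plain++
            else if (port == "853") dot++
        }
        END { printf "plain=%d dot=%d\n", plain + 0, dot + 0 }
    '
}

# Constructed sample data (assumption: not a real capture or resolv.conf).
SAMPLE_RESOLV=$(mktemp)
printf 'nameserver 127.0.0.1\nnameserver 127.0.1.1\n' > "$SAMPLE_RESOLV"
if resolv_is_local "$SAMPLE_RESOLV"; then
    echo "resolv.conf: loopback resolvers only"
else
    echo "resolv.conf: a non-loopback (WAN) resolver is present"
fi
rm -f "$SAMPLE_RESOLV"

SAMPLE_CAPTURE='12:00:01.000000 IP 203.0.113.5.41234 > 9.9.9.9.853: Flags [S], seq 1, win 64240, length 0
12:00:01.100000 IP 203.0.113.5.5000 > 9.9.9.9.53: 1234+ A? example.invalid. (33)
12:00:02.000000 IP 203.0.113.5.41235 > 9.9.9.9.853: Flags [S], seq 2, win 64240, length 0'
echo "$SAMPLE_CAPTURE" | count_plain_dns   # prints: plain=1 dot=2
```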
 

skeal

Part of the Furniture
Very well explained, @dave14305, good job!! :)
 

Davidncali001

Regular Contributor

Thank you for all your help!
 
