
Question about Trend Micro AiProtection and DNS over TLS

Discussion in 'Asuswrt-Merlin' started by Davidncali001, Dec 10, 2019.

  1. Davidncali001

    Davidncali001 Regular Contributor

    Joined:
    Dec 25, 2017
    Messages:
    96
    Location:
    SF
    I have DNS over TLS turned on in the settings of RMerlin's firmware and wanted to test if DNS over TLS was working correctly.

    I did a tcpdump from the terminal and noticed that everything was going through port 853; however, whenever the router accessed anything to do with Trend Micro's AiProtection suite it was using port 53.

    Is this normal behavior?


    I placed a screen shot in this link: https://ibb.co/2hzcH2R


    Thanks
     
    Last edited: Dec 10, 2019
  2. dave14305

    dave14305 Part of the Furniture

    Joined:
    May 19, 2018
    Messages:
    2,164
    Location:
    USA
    Yes, because of the setting on the Tools / Other Settings page for "Wan: Use local caching DNS server as system resolver" being defaulted to No. Any query originated by the router itself (e.g. Trend Micro processes running on the router) will use the WAN DNS servers the old-fashioned way (port 53).

    Clients on your network will still go through DNS over TLS.
     
  3. Davidncali001

    Davidncali001 Regular Contributor

    Joined:
    Dec 25, 2017
    Messages:
    96
    Location:
    SF
    You know, I thought that might be it: the "Wan: Use local caching DNS server as system resolver" setting being defaulted to No. So I set it to Yes, then did another tcpdump, and AiProtection still goes through port 53.

    I did not restart the router after setting the Wan local caching to yes, could that be why it was still using port 53?

    Also is it really a concern that port 53 is being used for AiProtection?
     
  4. dave14305

    dave14305 Part of the Furniture

    Joined:
    May 19, 2018
    Messages:
    2,164
    Location:
    USA
    It should have restarted dnsmasq when you hit apply. Run "cat /etc/resolv.conf" to confirm it's only using 127.0.0.1 and/or 127.0.1.1.

    I would rather leave the settings as No and ensure that the router can behave well without relying on its own services (dnsmasq, stubby). The small amount of DNS traffic the router generates wouldn't be a concern for me personally (firmware update check, diversion updates, skynet updates, trend micro queries). Depends on a lot of personal, subjective criteria.
     
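An added example (my script, not code from this thread or from Asuswrt-Merlin) that turns the two checks from the replies above into something you can run: first the /etc/resolv.conf check (is the router's own system resolver dnsmasq on 127.0.0.1 / 127.0.1.1, which hands queries to stubby on port 853, or an external WAN server reached in the clear on port 53?), then a classifier for a WAN-side `tcpdump -n` capture that counts outbound queries to port 53 versus 853 and lists the names that still left in plaintext. The resolv.conf contents, the WAN address 203.0.113.10, the hostnames and the tcpdump lines are constructed sample data so the script runs offline; on the router you would feed it the real files instead, as the comments show. The interface lookup via `nvram get wan0_ifname` is an assumption about the Asuswrt nvram layout.

```shell
#!/bin/sh
# Added example, not code from the thread or from Asuswrt-Merlin.
# Two checks that follow dave14305's explanation:
#  1. check_resolv  - is the router's own system resolver local (dnsmasq on
#     127.0.0.1 / 127.0.1.1, which forwards to stubby on port 853) or an
#     external WAN server reached in plain UDP/TCP on port 53?
#  2. classify_dns / plain_queries - given `tcpdump -n` output captured on
#     the WAN interface, count outbound queries to port 53 vs 853 and list
#     the names that still went out in the clear.
# On the router the real inputs would be (wan0_ifname lookup is an assumption):
#   check_resolv < /etc/resolv.conf
#   tcpdump -n -i "$(nvram get wan0_ifname)" 'port 53 or port 853' > /tmp/wan.txt
#   classify_dns < /tmp/wan.txt
# Everything below is constructed sample data so the script runs offline.

# Reads a resolv.conf on stdin; prints "local", "external" or "none".
check_resolv() {
    local_only=1
    found=0
    while read -r key val _; do
        [ "$key" = "nameserver" ] || continue
        found=1
        case "$val" in
            127.0.0.1|127.0.1.1) ;;   # the dnsmasq listeners named in the thread
            *) local_only=0 ;;        # anything else is a WAN resolver on port 53
        esac
    done
    if [ "$found" -eq 0 ]; then
        echo none
        return 1
    elif [ "$local_only" -eq 1 ]; then
        echo local
    else
        echo external
    fi
}

# Reads `tcpdump -n` lines on stdin; counts outbound packets by destination port.
# Only packets *to* 53/853 are counted, so replies (source port 53/853) are ignored.
classify_dns() {
    awk '
        $2 == "IP" && $4 == ">" {
            dst = $5; sub(/:$/, "", dst)            # "1.1.1.1.853:" -> "1.1.1.1.853"
            n = split(dst, p, "."); port = p[n]     # last dotted component is the port
            if (port == "53") plain++
            else if (port == "853") tls++
        }
        END { printf "plain=%d tls=%d\n", plain + 0, tls + 0 }
    '
}

# Reads `tcpdump -n` lines on stdin; prints "<src-ip> <qname>" for every
# plaintext port-53 query, so you can see that the router itself sent them.
plain_queries() {
    awk '
        $2 == "IP" && $4 == ">" && $5 ~ /\.53:$/ && $7 ~ /\?$/ {
            split($3, p, "."); ip = p[1] "." p[2] "." p[3] "." p[4]
            print ip, $8
        }
    '
}

# ---- constructed sample data (not real captures) -----------------------------
RESOLV_DEFAULT='nameserver 8.8.8.8
nameserver 8.8.4.4'              # what the setting = No leaves in /etc/resolv.conf
RESOLV_LOCAL='nameserver 127.0.0.1
nameserver 127.0.1.1'            # what the setting = Yes should give

# WAN-side capture, router WAN address 203.0.113.10 (documentation range).
# Client lookups forwarded by dnsmasq/stubby leave on 853; the router's own
# processes (update checks, AiProtection lookups) go straight to 8.8.8.8:53.
WAN_CAPTURE='12:00:01.000000 IP 203.0.113.10.41234 > 1.1.1.1.853: Flags [P.], seq 1:100, ack 1, win 512, length 99
12:00:01.050000 IP 1.1.1.1.853 > 203.0.113.10.41234: Flags [P.], seq 1:300, ack 100, win 512, length 299
12:00:02.000000 IP 203.0.113.10.53912 > 8.8.8.8.53: 17645+ A? fwupdate.example.com. (38)
12:00:02.030000 IP 8.8.8.8.53 > 203.0.113.10.53912: 17645 1/0/0 A 198.51.100.7 (54)
12:00:03.000000 IP 203.0.113.10.41236 > 1.1.1.1.853: Flags [P.], seq 1:80, ack 1, win 512, length 79
12:00:04.000000 IP 203.0.113.10.53913 > 8.8.8.8.53: 17646+ A? aiprotection.example.net. (42)
12:00:05.000000 IP 203.0.113.10.41237 > 1.1.1.1.853: Flags [P.], seq 1:90, ack 1, win 512, length 89'

printf '%s\n' "$RESOLV_DEFAULT" | check_resolv     # external
printf '%s\n' "$RESOLV_LOCAL"   | check_resolv     # local
printf '%s\n' "$WAN_CAPTURE"    | classify_dns     # plain=2 tls=3
printf '%s\n' "$WAN_CAPTURE"    | plain_queries    # the two names that left on port 53
```

Two things to keep in mind when running this against a real capture: use `tcpdump -n`, otherwise ports are printed as `domain` / `domain-s` and the port parsing above will not match; and capture on the WAN interface, not br0, because on the LAN side every client query legitimately arrives at dnsmasq on port 53 and the interesting distinction (853 for forwarded client lookups, 53 for the router's own processes) only shows up once the traffic leaves the router.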
  5. skeal

    skeal Part of the Furniture

    Joined:
    Apr 30, 2016
    Messages:
    3,814
    Location:
    Riderville, SK
    Very well explained @dave14305 good job!! :)
     
  6. Davidncali001

    Davidncali001 Regular Contributor

    Joined:
    Dec 25, 2017
    Messages:
    96
    Location:
    SF

    Thank You for all your help!