04-17-2018 11:11 AM
I recently picked up a switch mini to evaluate it. I was planning on buying dimmers and switches down the road if things go well. However, as a part of my evaluation, I noticed that the device is running an open DNS resolver. In my network this isn't a huge deal as IoT devices get their own VLAN - but thiis seems needless and a potential risk. I've confirmed that the DNS resolver will respond to queries regardless of source subnet, and returns valid results.
What is the purpose of this DNS resolver? Why is it running at all on the device, and why is it exposed?
Firmware Version: 2.00.11059
04-18-2018 10:20 AM
i don't mean to bump this, but I sort of thought someone would have responded. Having an open DNS resolver on my IoT devices is not something I'd consider a best practice - but a search here makes it look like I'm not the first person to notice this.
Are there plans to update the firmware to stop listening on tcp/udp 53? Why was it setup this way in the first place?
04-18-2018 01:11 PM
04-18-2018 04:27 PM
That was the thread I found initially that made me post a new one - they never did come back and explain why it's running.
I segregate my IoT devices from the rest of my network so there isn't tons of risk involved for me (worst case is DOS against the other IoT devices or my router) - but the very existence of a DNS resolver listening openly seems like a terrible sign for the platform's security.
That's all I really want answered is why? Why is there a DNS server listening on my smart outlet? What practical reason could they have for it?
04-18-2018 04:38 PM
04-20-2018 04:44 AM
It doesn't appear so - that draft describes a way for the device to name itself appropriately after getting a router advertisement. It has nothing to do with the device itself acting as a DNS resolver.
Do the actual wemo/belkin guys read anything here? I'm sort of suprised that you are the only respondent.
04-20-2018 05:48 AM
Hi, obideuce. We've endorsed your case to our 2nd Level Support Team for assistance on this query. They'll contact you the soonest.
04-20-2018 09:49 AM
So there will the thread end, I suspect
Time and time again moderators contact the complainant directly and the resolution never appears for all to see.
Rosalyn_T, you need to post here on this thread an answer to the question that obideuce has so rightly asked.
04-21-2018 05:33 PM
They've contacted me, but I don't believe they actually understand the problem. It was a typical "what brand of router do you use" technical problems questionnaire. If an actual resolution comes of my e-mails with them I will let you guys know.