Sunrise
Connect Box 3 HFC

I noticed that Sunrise is filtering DNS requests, even when I am targeting other DNS servers, such as 8.8.8.8.

The address that I am querying is resolved normally on online services (e.g., whatismyipaddress.com). It also resolves normally when I am using DNS over TLS. But the request times out when I use any public DNS server.

Does this mean that Sunrise is sniffing the DNS requests that go to other DNS servers? How can I stop this? My network packets contain personal information. No ISP should sniff and process them.

And yes, Surf Protect is disabled.


    Querying Google’s DNS without TLS:

    $ kdig  @8.8.8.8  sunrisetest.gotdns.ch
    ;; WARNING: response timeout for 8.8.8.8@53(UDP)
    ;; WARNING: response timeout for 8.8.8.8@53(UDP)
    ;; WARNING: response timeout for 8.8.8.8@53(UDP)
    ;; ERROR: failed to query server 8.8.8.8@53(UDP)

    And with TLS:

    $ kdig  @8.8.8.8 +tls-ca +tls-host=dns.google.com sunrisetest.gotdns.ch
    
    ;; ANSWER SECTION:
    sunrisetest.gotdns.ch.	13	IN	A	127.0.0.1
    
    ;; Received 468 B
    ;; Time 2023-03-10 21:16:30 CET
    ;; From 8.8.8.8@853(TCP) in 24.3 ms
    • Best solution, set by yiourkas

    They currently seem to filter out DNS replies that contain RFC 1918 addresses as replies; the reason for this is currently unknown.

      pato Do you know if the filtering happens on Sunrise servers or in the router?

      I also have a Sunrise mobile subscription and I don’t have the same issue on mobile internet. Only on home internet. Which may be an indication that the Connect Box is responsible for filtering. I will experiment a bit with the modem mode.


        yiourkas No idea. I have been using my own DNS server for years.

        I switched my Connect Box 3 to modem mode and there is no DNS filtering. I think I will get a Fritz!Box and plug it directly into my Connect Box. Thanks @pato for your help.

        B.t.w., how does your own DNS server resolve these addresses (e.g., sunrisetest.gotdns.ch)? It still needs to forward the request to an external DNS server (and the response will be blocked by Connect Box).

        C:\Users\patob>nslookup sunrisetest.gotdns.ch
        Server: pi.hole
        Address: 192.168.1.20

        Non-authoritative answer:
        Name: sunrisetest.gotdns.ch
        Address: 127.0.0.1

        I utilize Quad9 as an external resolver.

        C:\Users\patob>

        yiourkas Welcome to the community!

        We have just uninstalled the Extra Protect and Surf option. Can you please test it again?

        Greetings
        Daniele

        6 months later