Typically I connect to my router by its IP address of 192.168.1.1. However, I am also able to connect to it at the URL router.asus.com. My computer does not have a connection to the Internet. How does this work?
3 Answers
Your router has its own DNS server. When you do use it online, it'll forward to your ISP's DNS, but it's also added its own entry at router.asus.com to point to itself.
As you're likely using DHCP, it'll automatically assign your machines to use its own DNS. You could test this by changing to a manually assigned DNS server (8.8.8.8 for example), flush your DNS and then try the same URL.
Note that visiting router.asus.com with my connection takes me to a site hosted with Amazon that appears to try and scan for a compatible router on my network.
Looks like it uses the following JQuery to try and grab a specific JSON file from a Machine Name on the network:
$.ajax({
url: "http://" + target.domainName + "/findasus.json",
dataType: "jsonp",
timeout: 20000,
global: true,
complete: function(jqXHR, textStatus){
switch(jqXHR.status){
case 0:
target.status = 2;
break;
default:
target.status = 1;
iAmAlive({
modelName: target.domainName.replace("findasus.local", "ASUS"),
ssid: "",
ipAddr: target.domainName
});
}
sessionComplete();
}
});
You can see the names it tries to access in the screenshot. Literally just loops through and if it gets a hit it'll redirect to what it found.
-
1Interesting. Can you expand on the note you made. How does the site hosted on Amazon have access to your local network behind your firewall to scan for a router? (This is for those who do not have a compatible Asus router, or have changed their DNS on their Asus router I assume)– Ryan RCommented Feb 15, 2016 at 18:39
-
-
15The server is not actually scanning your network. It serves up a web page with Javascript. Your browser runs the javascript. So it's your browser that does the "scanning". They have no special access to your network, it's your browser that has the special access.– AnerCommented Feb 15, 2016 at 20:35
-
6Setting your own DNS doesn't always work to get around the router's DNS server. I own at least one router that intercepts outgoing DNS requests to other DNS servers and answers them itself. Commented Feb 15, 2016 at 21:30
-
.localis what is used for Bonjour/Zeroconf. Commented Feb 16, 2016 at 10:07
I don't personally own an Asus router, and Jonno's answer is very good, but there's another possible way for routers to accomplish this (even if it's not used by your particular one).
Since that page isn't served over HTTPS, it's entirely possible for the router to simply intercept the HTTP request and answer it without talking it any external server. Asus routers have been known to redirect pages under some circumstances. Note that if the redirection occurs even without an Internet connection (i.e. with no external DNS), it must be caused by your router's DNS; there's no reason both couldn't be going on, though.
My Netgear home router, for instance, can block domains and keywords (serving a "blocked by Netgear firewall" page) even if I'm not using its DNS. I made sure that it's not intercepting the DNS requests; the name gets resolved correctly, but going to the page in a web browser results in the "blocked" page.
You can test this theory by setting your DNS servers to, say, Google's (8.8.8.8) and pinging the redirected domain name.
-
Very good point. Does this mean you can't block HTTPS domains with the Netgear firewall, or does it have the ability to block using DNS when you're using it and the request intercepted as a fallback?– JonnoCommented Feb 16, 2016 at 6:58
-
2@Jonno The problem is that you can't block HTTPS domains per-se. You can block an IP or a range of IPs, and you can make the DNS server tell you that the IP is different (and therefore "block" it as it'll never find the correct destination), but since the router cannot read the HTTPS packets your only option would be to 1. server an improper certificate giving a "connection untrusted" error page for every website or 2. block port 443 (https) all together. Either are crappy options and have their own issues. Commented Feb 16, 2016 at 9:31
-
1@h2ooooooo I believe it's more accurate to say that something/someone in a privileged position on your network can't block an HTTPS Page. While without a trusted CA, a MITM can't distinguish from the HTTPS traffic information more granular than the server/IP address, the request is likely to be preceded by plain text DNS request that does specify the domain. A modified or negative DNS response could definitely prevent traffic to a specific domain. If a domain really offends, create an empty authoritative zone for it in your DNS.– tjdCommented Feb 16, 2016 at 19:37
-
@tjd You could absolutely simply create a false DNS response as long as you've blocked any non authorized dns servers from the host machines (or even better; don't allow people to change them on company machines) . Commented Feb 16, 2016 at 19:45
Just wanted to add to Jonnos answer that
admin@asus-rt-n18u:/tmp/home/root# grep asus.com /etc/*
/etc/hosts:192.168.201.5 router.asus.com
is how my (and most likely) your router do this. Your router is probably running asuswrt with dnsmasq. You can have shell access (at least via telnet) and look for yourself.
router.asus.comredirects out of the box to192.168.1.1and was included by Asus. It does not resolve to my router IP from outside my local network.