MagicHome RGB LED Controller - Port 53 open with BIND running? WTF

So, this is more a post regarding security. I recently added a MagicHome RGB LED controller to my HA setup, and all is working fine. However, I did a port scan on it, and found the one and ONLY port open was DNS port 53, with a BIND DNS server running.

I did an nslookup and set my server to the local address of this controller and sure enough, it's resolving hostnames just as a DNS server would. So this leads me to my next question. Why does an LED controller sitting on my network need to be a DNS server? To me this is dodgy AF! Your thoughts and opinions.

Bump :wink: I’m curious about this one

it’s probably to get around blocking IoT devices “phoning home”

Is the controller acting like a bridge from your network to a private network that has its own internal addresses? Then I could see it assigning IP addresses in the secondary network to the strips.

Many NVR camera systems act this way. While the NVR is in your IP addresses, the NVR has a built in mechanism in like 192.168.100.* for the individual cameras.

But it’s on the same subnet? It just has port 53 open?

They also listen on port 5577

The platform is based on this http://www.hi-flying.com/hf-lpb100 running FreeRTOS

They used to have a lot of the default services turned on including port 80 running a webserver. They were removed and port 53 was filtered in a firmware update a few years ago.

I’m surprised you have one that still responds on 53 as it likely has old firmware. All the ones I have close the connection right away.

% telnet 192.168.107.211 53
Trying 192.168.107.211...
Connected to 192.168.107.211.
Escape character is '^]'.
Connection closed by foreign host.

Which model and version does it show in the device screen?

Thanks, here is my device.

That is the newest firmware AFAICT. How did you test the DNS resolution? Everything I throw at one with the same firmware drops the connection on port 53.

It’s weird, if I scan it locally while at home it’s closed on 53, but it was open when I scanned it remotely over the VPN.

Confused

If you are using nmap it takes a moment to close the connection so it might detect it as open if it doesn’t do it fast enough.

Hmm ok, well I'll leave it for now. At least it's not open on the local scan. Odd for it to have a DNS server running on it regardless though; it's nothing more than a client at the best of times. Very strange.
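The thread never settles whether the controller actually answers DNS queries or just accepts the TCP connection and drops it (which a port scanner can report as "open"). The script below is an added example, not from the thread or the MagicHome/hi-flying firmware: it sends a real DNS query over TCP to port 53 and reports whether the device closed the connection, answered as a resolver, or refused. The probe name and the IP address are assumed sample values; point it at your own device.

```python
import socket
import struct

# Constructed sample name for the probe; any hostname works.
PROBE_NAME = "example.com"

def build_dns_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS A query (RD set) for `name`, as sent over TCP/UDP."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_reply(txid: int, data: bytes) -> str:
    """Say what the far end did: closed on us, answered as a resolver, or refused."""
    if not data:
        return "accepted-then-closed"          # the telnet behaviour described above
    if len(data) < 12:
        return "not-dns"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:      # wrong transaction id or QR bit unset
        return "not-dns"
    rcode = flags & 0x000F
    if rcode == 0 and ancount > 0:
        return "open-resolver"                 # device resolved an arbitrary name
    if rcode == 5:
        return "refused"
    return f"dns-rcode-{rcode}"

def probe_tcp_dns(host: str, port: int = 53, timeout: float = 3.0) -> str:
    """Connect to host:port, send the query with the 2-byte TCP length prefix, classify."""
    txid = 0x1234
    query = build_dns_query(PROBE_NAME, txid)
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)
            prefix = s.recv(2)
            if len(prefix) < 2:                # peer closed before sending a reply
                return classify_reply(txid, b"")
            (length,) = struct.unpack("!H", prefix)
            body = b""
            while len(body) < length:
                chunk = s.recv(length - len(body))
                if not chunk:
                    break
                body += chunk
            return classify_reply(txid, body)
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, OSError) as exc:
        return f"error: {exc}"

if __name__ == "__main__":
    import sys
    # Sample address taken from the telnet session in the thread; pass your own device IP.
    print(probe_tcp_dns(sys.argv[1] if len(sys.argv) > 1 else "192.168.107.211"))
```

A result of "open-resolver" means the device really is resolving names for anyone who can reach it, which is the case worth firewalling; "accepted-then-closed" matches the behaviour of current firmware described above.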