
TP-Link Loses Control Over Router Configuration Domain - uptown
https://threatpost.com/top-router-maker-tp-link-loses-control-over-configuration-domain/119072/
======
devy
Repost. Link to earlier discussions:
[https://news.ycombinator.com/item?id=12042102](https://news.ycombinator.com/item?id=12042102)

~~~
marak830
Thanks, I would have missed that otherwise :-)

------
giancarlostoro
It always somewhat bugged me they used an actual domain for this, was there no
other alternative like using a fake TLD? I'm not sure of what a router is
entirely capable of doing, but if you could filter a request to
"configure.tplink" or something that would make it far less likely to hijack
the domain, that and the fact the domain didn't always work every time I would
try it... or I couldn't remember it at times.

~~~
kevinoconnor7
Why is that an issue? Owning the domain is the correct thing to do. They just
screwed up by losing ownership of it.

~~~
giancarlostoro
Owning the domain isn't my issue, using one that doesn't always work is my
issue. They could of used a hostname or something else that the router picks
up?

------
kentt
This is not quite bad, but it's made worse by the idea that users should have
no control over the firmware they run see:
[http://arstechnica.com/information-technology/2016/03/tp-
lin...](http://arstechnica.com/information-technology/2016/03/tp-link-blocks-
open-source-router-firmware-to-comply-with-new-fcc-rule/)

------
lisper
The most incredibly stupid thing about this is that the router needs at least
one IP address to be hard-coded into it anyway, if for nothing else than to be
a pointer to the root DNS server. So TP-Link gains absolutely nothing by re-
directing through DNS. The only difference between having a hard-coded IP
pointing to a TP-Link server and a hard-coded IP pointing to a public DNS
server is that TP-Link doesn't control the public DNS server. So this was
already a stupid design decision even before they lost the domain.

