
TP-Link forgets to renew two domains used to connect to its networking devices - ptaipale
https://www.yahoo.com/tech/tp-forgets-renew-domains-used-232347754.html
======
koolba
Pretty stupid to use a new domain in the first place. A sub domain (ex:
hxxp://setup.tplink.com) would be more trustworthy and doesn't have the pesky
renewal issue.

~~~
mkj
That requires navigating corporate bureaucracy though!

~~~
falcolas
As an admin who has bought a domain just to work around said bureaucracy
before, all I can do is sigh in understanding.

------
strictnein
> "“The logic behind using [a] domain in the first place, instead of an IP
> address, is the main problem here,” Dan said in a blog. “Forgetting to buy
> the domain is the second mistake. "

This doesn't make any sense to me. TP-Link changes hosts and they lose that IP
address. A domain name is far better for customers. Unless I'm missing
something here?

~~~
robotmlg
It's not supposed to be a public domain. They use the domain for the router's
internal config page. So instead of going to 192.168.1.1 to configure your
router, you can go to tplinklogin.net. Of course, if they don't own the
domain, a malicious actor can set it up as an actual public website, where
they can phish for router login passwords and such.

~~~
captn3m0
Would this domain ever be forwarded to the resolver by a TP-Link router? If
you are hardcoding a domain, you should better hardcode it in your hosts list
somewhere, rather than relying on the DNS to give you the correct reply. (You
may not always have a working DNS server to query)

~~~
syntheticnature
Heck, hardcode a name with an extremely unlikely-to-ever-get-used suffix,
like: routerlogin.tplink

------
akgerber
Hi TP-Link! Remember to renew
[http://tplinkplclogin.net/](http://tplinkplclogin.net/) before 06-May-2018!

------
lisper
"Another option would be to get a router that cannot be configured, such as
the OnHub router from Google and similar “closed” devices. These ... are
accessible through a mobile app."

Wait, what???

~~~
martin_a
That sounds just _so_ wrong for me. I´d not like to have a router that behaves
like that.

------
martin_a
How can you even forget to renew your domain? All of my domains are
automatically renewed for another year if I don´t dismiss them early enough.

~~~
zippergz
Credit card attached to the registrar account expires/gets canceled and the
reminder emails go to an email address no one is monitoring.

~~~
lisper
My registrar always sends me a shit-ton of emails before actually canceling a
domain. It's actually kind of annoying because sometimes I _want_ to release a
domain and there's no way to turn off the reminders. (I still consider this a
feature.)

~~~
marak830
Yeah I'd say feature. Emails are easy to delete, hard to get back a domain you
have lost.

I thought it was annoying as well, then I lost one. Luckily it was something I
could change easily.

In my case, make stupid decisions, get stupid prizes.

------
devy
Honest question: why can't TP-Link use internal domain names [1][2] for their
router configurations? Since internal domain names are reserved/deprecated
from public internet, they should be safe and it should avoid the hassle of
public domain name renewals.

[1]: [https://cabforum.org/internal-names/](https://cabforum.org/internal-
names/)

[2]:
[https://support.comodo.com/index.php?/Default/Knowledgebase/...](https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/722/16/)

~~~
mercora
I tried and could not find any mention of a TLD for private and general use.
Do you refer to the use of a name without a TLD, like "example"? I think while
"example." would make up a valid domain name (not sure about that though), it
would not be very useful for this purpose as browsers nowadays tend to try to
guess if you are entering a search term.

A much more useful approach would be the existence of a reserved TLD for
private use analogue to the private IP address space. But it seems like
nothing like that has been defined.

Update:

Out of curiosity i did search for some more information if "example." is a
valid domain or not...

While technically valid and [0]used for while by some TLD registries, ICANN
has [1]forbidden the use of so called dotless domains. Google planned to use
"search." but it was [2]declined.

[0] [https://tools.ietf.org/html/rfc7085](https://tools.ietf.org/html/rfc7085)

[1]
[https://www.icann.org/news/announcement-2013-08-30-en](https://www.icann.org/news/announcement-2013-08-30-en)

[2] [http://www.zdnet.com/article/icann-kills-google-dotless-
doma...](http://www.zdnet.com/article/icann-kills-google-dotless-domain-
hopes/)

------
nobleach
The number of large companies that forget to renew their domains or SSL certs
is way too high. Haven't these folks heard of calendar reminders?

~~~
kabdib
Calendar reminders to someone that you laid-off six months ago? Sure.

------
0x6c6f6c
Why not setup a routing rule in the router so DNS forwards requests to the
local address instead.

This should be fixable over local DNS settings in the router

~~~
thiagobbt
The real problem is using a public domain. OpenWRT for instance uses
openwrt.lan by default.

------
drzaiusapelord
Do these lookups ever hit public nameservers? Seems to me you're using the
router's built-in DNS and it self-reports its own IP address.

This is how Netgear works. routerlogin.com gets resolved locally to the IP of
my router. It would be foolish to have it resolved by something on the
internet as router setup often involves doing things when the internet isn't
working.

That said, its foolish to not have those domains in your back-pocket, but I
imagine budget router OEMs are run like shitshows in general and that's
probably the least of your problems. Often they just rebadge a reference
router made by $no_name_company, no better than an alibaba reseller. I've
always considered these cheapo routers to be a sort of bargain with the devil,
sure they're cheap and less hassle than setting up pfsense, but you know
you're getting a substandard product with no real support and probably more
than a couple significant security risks.

------
chrisacky
When did this suposeddly happen?

I bought two TP-Link extenders about 3-6 months ago. Whenever I visited the
addresses in the documentation shipped with the extenders my browser window
received dozens of pop unders and redirect loops.

I only found out what the internal web address was by going directly to the
website and downloading some firmware software which they supply for
debugging.

I got these extenders from Amazon so don't really believe what the article
says about timeframes.

------
philfrasty
I typed in „tplinkextender.net“ a while ago to configure my router (as
suggested in the manual) and it opened some malware site. Seems to be fixed
now.

Quite common problem as it seems: [http://forum.tp-
link.com/showthread.php?7518-tplinkextender....](http://forum.tp-
link.com/showthread.php?7518-tplinkextender.net-shows-as-
Framer.DO.229-virus-\(Avira\))

------
tdkl
Where's the benefit here if I type 192.168.1.1 or some domain name when
connecting the router with the network cable ? Fanciness ? I mean the IP is
even less characters to type.

Ease of configuration ? Because even if I type the domain name, my connection
has to be in the same subnet already manually or via DHCP, since the domain
resolves 192.168.1.1.

I guess some manager scored a big raise for this gem.

~~~
kelnos
Because your average user doesn't know what an IP address is and might be
confused by directions that use one.

Then again, a decent amount of people don't know what a hostname is, either,
and find everything through Google anyway.

~~~
tdkl
But I mean, they know how to read letters,numbers and find them on the
keyboard to retype them right ? Because if not, there's maybe a time to admit
they aren't fit to the job anyway.

------
mercora
It is beyond me to understand how the decision making and maintaining process
worked in this case but it makes me wonder why there is no such thing as a TLD
for private use. Analogue to private IP address space. Now that TLD can pop up
arbitrarily it would be quite useful to have something like that. Maybe .local
could already be used for that purpose?!

~~~
throwaway7767
How would that work? It's an internet connected service that devices from all
over the internet are connecting to.

They could hardcode the servers IP, but then they can't ever move their
infrastructure (horrible idea). So they do the reasonable thing and put the
name in DNS. Where do you imagine the lookup for this .local name being
directed, and how will it end up at TP-Link's current management server?

~~~
kevinoconnor7
I'm not sure I understand you. TP Link givens the domains an A record using
the DNS server running on their routers by default. Publicly it probably
either had a default record of 192.168.1.1 or it just didn't have one at all.

Either way, the domain only makes sense locally. This is also why the domains
still work even though they no longer own them. Therefore, if there were a
local TLD, this would be the proper use-case for it.

~~~
jessaustin
If that's how it would work, they wouldn't need to coordinate with anyone
else. Just use "login.tplink". Since it's quite unlikely that anyone else
would use that TLD, there wouldn't be a problem.

~~~
basch
people would type in login .tplink .com

people would type login tplink into google/bing

from a usability standpoint this solution wouldnt work.

~~~
jessaustin
If that's a problem, a simple 301 is the answer.

~~~
basch
how does a 301 fix a person not understanding how to type a url into the
address bar? plenty of people dont understand the difference between searching
and directly calling a website.

~~~
jessaustin
The goalposts, they are a-movin...

 _people would type in login .tplink .com_

[https://www.google.com/search?q=login+.tplink+.com](https://www.google.com/search?q=login+.tplink+.com)
then 301

 _people would type login tplink into google /bing_

[https://www.google.com/search?q=login+tplink](https://www.google.com/search?q=login+tplink)
then 301

This serious problem you describe, of cavemen and preschoolers who don't know
about URLs, has been solved now for a long time. 301 is part of that solution.
The tp-link.com site is perfectly capable of examining Referer and using that
information to help tplink users.

However, since we've already established upthread that the router controls
_everything_ about the online experience, it would be no problem redirect the
first navigation through an unconfigured router to a "wizard" page.

~~~
basch
only if you are the first result, and by first result i mean the first ad.
people can pay to be the "result above you.

there is no reason to insult the people in their 20's 30's 40's 50's 60's 70's
or 80's who are confused about the difference between a search bar and address
bar (especially considering the major browsers merge them)

the unified bar has led to a sharp decline in people being able or caring to
type correctly configured urls.

------
rocky1138
TP-Link makes Google's Hub router, no? Was this router affected by this
outage?

~~~
lstamour
They don't make its software. I have one and didn't notice anything: OnHub
uses its own app to connect to the router.

------
Grishnakh
I have a TP-Link router. It works great with DD-WRT....

------
fabiogo
I heard this yesterday and immediately removed my TP-Link device from the
network.

~~~
ade2
That's probably excessive, it's just an alias for the local IP of the router.
Unless you expect some user of your network to type in that URL on a switch or
something, which seems a bit far fetched to be honest.

------
carlmcqueen
I feel like I'd be lost if I had a TP-Link device, it throws me off when
routers use 192.168.1.1 instead of 192.168.0.1.

~~~
dtemp
So change it :)

Usually one of the first things I do when I set up a new router is generate
two random numbers between 0-254 (say, 218 and 133) and make the local subnet:

10.218.133.0/24

I frequently VPN to other private networks, and when the local/remote address
spaces overlap, like when both are 192.168.1.1/24, then the VPN has problems.

