TP-Link forgets to renew two domains used to connect to its networking devices (yahoo.com)
59 points by ptaipale on July 6, 2016 | 47 comments


Pretty stupid to use a new domain in the first place. A subdomain (ex: hxxp://setup.tplink.com) would be more trustworthy and doesn't have the pesky renewal issue.


That requires navigating corporate bureaucracy though!


As an admin who has bought a domain just to work around said bureaucracy before, all I can do is sigh in understanding.


> "“The logic behind using [a] domain in the first place, instead of an IP address, is the main problem here,” Dan said in a blog. “Forgetting to buy the domain is the second mistake."

This doesn't make any sense to me. TP-Link changes hosts and they lose that IP address. A domain name is far better for customers. Unless I'm missing something here?


It's not supposed to be a public domain. They use the domain for the router's internal config page. So instead of going to 192.168.1.1 to configure your router, you can go to tplinklogin.net. Of course, if they don't own the domain, a malicious actor can set it up as an actual public website, where they can phish for router login passwords and such.


Would this domain ever be forwarded to the resolver by a TP-Link router? If you are hardcoding a domain, you should better hardcode it in your hosts list somewhere, rather than relying on the DNS to give you the correct reply. (You may not always have a working DNS server to query)


Heck, hardcode a name with an extremely unlikely-to-ever-get-used suffix, like: routerlogin.tplink


Hi TP-Link! Remember to renew http://tplinkplclogin.net/ before 06-May-2018!


"Another option would be to get a router that cannot be configured, such as the OnHub router from Google and similar “closed” devices. These ... are accessible through a mobile app."

Wait, what???


That sounds just _so_ wrong for me. I'd not like to have a router that behaves like that.


Well, it's Google.


How can you even forget to renew your domain? All of my domains are automatically renewed for another year if I don't dismiss them early enough.


1) Might depend on service provider handling the domains, 2) Company bureaucracy and organizational incompetence - the one who gets the reminder does not have a clue what it means.


Credit card attached to the registrar account expires/gets canceled and the reminder emails go to an email address no one is monitoring.


My registrar always sends me a shit-ton of emails before actually canceling a domain. It's actually kind of annoying because sometimes I want to release a domain and there's no way to turn off the reminders. (I still consider this a feature.)


Yeah I'd say feature. Emails are easy to delete, hard to get back a domain you have lost.

I thought it was annoying as well, then I lost one. Luckily it was something I could change easily.

In my case, make stupid decisions, get stupid prizes.


Honest question: why can't TP-Link use internal domain names [1][2] for their router configurations? Since internal domain names are reserved/deprecated from public internet, they should be safe and it should avoid the hassle of public domain name renewals.

[1]: https://cabforum.org/internal-names/

[2]: https://support.comodo.com/index.php?/Default/Knowledgebase/...


I tried and could not find any mention of a TLD for private and general use. Do you refer to the use of a name without a TLD, like "example"? I think while "example." would make up a valid domain name (not sure about that though), it would not be very useful for this purpose as browsers nowadays tend to try to guess if you are entering a search term.

A much more useful approach would be the existence of a reserved TLD for private use analogous to the private IP address space. But it seems like nothing like that has been defined.

Update:

Out of curiosity I did search for some more information if "example." is a valid domain or not...

While technically valid and [0] used for a while by some TLD registries, ICANN has [1] forbidden the use of so-called dotless domains. Google planned to use "search." but it was [2] declined.

[0] https://tools.ietf.org/html/rfc7085

[1] https://www.icann.org/news/announcement-2013-08-30-en

[2] http://www.zdnet.com/article/icann-kills-google-dotless-doma...


The number of large companies that forget to renew their domains or SSL certs is way too high. Haven't these folks heard of calendar reminders?


Calendar reminders to someone that you laid-off six months ago? Sure.


Why not set up a routing rule in the router so DNS forwards requests to the local address instead?

This should be fixable over local DNS settings in the router


The real problem is using a public domain. OpenWRT for instance uses openwrt.lan by default.


Do these lookups ever hit public nameservers? Seems to me you're using the router's built-in DNS and it self-reports its own IP address.

This is how Netgear works. routerlogin.com gets resolved locally to the IP of my router. It would be foolish to have it resolved by something on the internet as router setup often involves doing things when the internet isn't working.

That said, it's foolish to not have those domains in your back-pocket, but I imagine budget router OEMs are run like shitshows in general and that's probably the least of your problems. Often they just rebadge a reference router made by $no_name_company, no better than an Alibaba reseller. I've always considered these cheapo routers to be a sort of bargain with the devil, sure they're cheap and less hassle than setting up pfsense, but you know you're getting a substandard product with no real support and probably more than a couple significant security risks.


When did this supposedly happen?

I bought two TP-Link extenders about 3-6 months ago. Whenever I visited the addresses in the documentation shipped with the extenders my browser window received dozens of pop unders and redirect loops.

I only found out what the internal web address was by going directly to the website and downloading some firmware software which they supply for debugging.

I got these extenders from Amazon so don't really believe what the article says about timeframes.


I typed in „tplinkextender.net“ a while ago to configure my router (as suggested in the manual) and it opened some malware site. Seems to be fixed now.

Quite common problem as it seems: http://forum.tp-link.com/showthread.php?7518-tplinkextender....


Where's the benefit here if I type 192.168.1.1 or some domain name when connecting the router with the network cable? Fanciness? I mean the IP is even less characters to type.

Ease of configuration? Because even if I type the domain name, my connection has to be in the same subnet already manually or via DHCP, since the domain resolves to 192.168.1.1.

I guess some manager scored a big raise for this gem.


Because your average user doesn't know what an IP address is and might be confused by directions that use one.

Then again, a decent amount of people don't know what a hostname is, either, and find everything through Google anyway.


But I mean, they know how to read letters, numbers and find them on the keyboard to retype them, right? Because if not, there's maybe a time to admit they aren't fit to the job anyway.


It is beyond me to understand how the decision making and maintaining process worked in this case but it makes me wonder why there is no such thing as a TLD for private use, analogous to private IP address space. Now that TLDs can pop up arbitrarily it would be quite useful to have something like that. Maybe .local could already be used for that purpose?!


Hopefully as Windows 10's mDNS implementation stabilizes and becomes more reliable we might finally see cross-platform usage for .local, and devices such as routers could advertise .local names in documentation.

(I've done some dabbling in web applications intended for internet-disconnected networks with somewhat unreliable local DNS servers, such as cruise ship networks, and .local if it worked reliably enough across platforms would probably help a lot instead of trying to pass around IP addresses.)


How would that work? It's an internet connected service that devices from all over the internet are connecting to.

They could hardcode the server's IP, but then they can't ever move their infrastructure (horrible idea). So they do the reasonable thing and put the name in DNS. Where do you imagine the lookup for this .local name being directed, and how will it end up at TP-Link's current management server?


I'm not sure I understand you. TP-Link gives the domains an A record using the DNS server running on their routers by default. Publicly it probably either had a default record of 192.168.1.1 or it just didn't have one at all.

Either way, the domain only makes sense locally. This is also why the domains still work even though they no longer own them. Therefore, if there were a local TLD, this would be the proper use-case for it.


If that's how it would work, they wouldn't need to coordinate with anyone else. Just use "login.tplink". Since it's quite unlikely that anyone else would use that TLD, there wouldn't be a problem.


people would type in login .tplink .com

people would type login tplink into google/bing

from a usability standpoint this solution wouldn't work.


If that's a problem, a simple 301 is the answer.


how does a 301 fix a person not understanding how to type a url into the address bar? plenty of people don't understand the difference between searching and directly calling a website.


The goalposts, they are a-movin...

people would type in login .tplink .com

https://www.google.com/search?q=login+.tplink+.com then 301

people would type login tplink into google/bing

https://www.google.com/search?q=login+tplink then 301

This serious problem you describe, of cavemen and preschoolers who don't know about URLs, has been solved now for a long time. 301 is part of that solution. The tp-link.com site is perfectly capable of examining Referer and using that information to help tplink users.

However, since we've already established upthread that the router controls everything about the online experience, it would be no problem to redirect the first navigation through an unconfigured router to a "wizard" page.


only if you are the first result, and by first result I mean the first ad. people can pay to be the "result above you."

there is no reason to insult the people in their 20's 30's 40's 50's 60's 70's or 80's who are confused about the difference between a search bar and address bar (especially considering the major browsers merge them)

the unified bar has led to a sharp decline in people being able or caring to type correctly configured urls.


I made the assumption that the query for the domain is statically resolved by the local resolver of the device.

I also do not know anything about the configuration of these devices, I just assumed it is just a convenient way to access the local web interface for configuration of the device. If there really is a centralized service on the internet needed to configure the device it would be somewhat problematic to set these devices up or not?


You were correct, I have a TP-Link router:

$ nslookup tplinklogin.net

Server: 192.168.1.1

Address: 192.168.1.1#53

Non-authoritative answer:

Name: tplinklogin.net

Address: 192.168.1.1

---

An external request:

$ nslookup tplinklogin.net

Server: 2001:4860:4860::8844

Address: 2001:4860:4860::8844#53

Non-authoritative answer:

Name: tplinklogin.net

Address: 103.224.212.249
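
Added example (not part of the thread or of any poster's comment): a Python sketch that parses `nslookup` output like the two runs quoted above and reports whether the setup name was answered with a private address, forwarded upstream by a LAN resolver, or resolved by an external resolver. The function names and verdict strings are assumptions made for this example; the sample text is transcribed from the comment above.

```python
import ipaddress

# Sample input: the two nslookup runs from the comment above.
VIA_ROUTER = """\
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
Name: tplinklogin.net
Address: 192.168.1.1
"""
VIA_PUBLIC = """\
Server: 2001:4860:4860::8844
Address: 2001:4860:4860::8844#53

Non-authoritative answer:
Name: tplinklogin.net
Address: 103.224.212.249
"""

def parse_nslookup(text):
    """Return (resolver_ip, queried_name, [answer_ips]) from nslookup output."""
    resolver, name, answers, in_answer = None, None, [], False
    for line in text.splitlines():
        key, _, value = line.partition(":")   # split at the first colon only
        key, value = key.strip().lower(), value.strip()
        if key.endswith("answer"):            # "Non-authoritative answer:"
            in_answer = True
        elif key == "name":
            name = value
        elif key == "address" and value:
            ip = ipaddress.ip_address(value.split("#")[0])  # drop "#53"
            if in_answer:
                answers.append(ip)
            else:
                resolver = ip
    return resolver, name, answers

def assess(text):
    """Classify where a router setup name ended up being resolved."""
    resolver, _name, answers = parse_nslookup(text)
    if not answers:
        return "no-answer"
    if all(a.is_private for a in answers):
        return "stays-on-lan"        # router answered with its own address
    if resolver is not None and resolver.is_private:
        return "router-forwarded"    # LAN resolver passed the query upstream
    return "external-resolver"       # client bypassed the router's DNS

if __name__ == "__main__":
    for label, sample in (("via router", VIA_ROUTER), ("via public", VIA_PUBLIC)):
        print(label, "->", assess(sample))
```

Any verdict other than `stays-on-lan` means the browser would be sent to whatever host the public record points at, which is the case the thread is worried about for clients that do not use the router as their resolver.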


TP-Link makes Google's Hub router, no? Was this router affected by this outage?


They don't make its software. I have one and didn't notice anything: OnHub uses its own app to connect to the router.


I have a TP-Link router. It works great with DD-WRT....


I heard this yesterday and immediately removed my TP-Link device from the network.


That's probably excessive, it's just an alias for the local IP of the router. Unless you expect some user of your network to type in that URL on a switch or something, which seems a bit far-fetched to be honest.


I feel like I'd be lost if I had a TP-Link device, it throws me off when routers use 192.168.1.1 instead of 192.168.0.1.


So change it :)

Usually one of the first things I do when I set up a new router is generate two random numbers between 0-254 (say, 218 and 133) and make the local subnet:

10.218.133.0/24

I frequently VPN to other private networks, and when the local/remote address spaces overlap, like when both are 192.168.1.1/24, then the VPN has problems.



