RTRMON Should Port 53 Be Closed?

[dandle]

Hi

I recently installed the RTMON script and ran Diagnostics and noticed that on the WAN0 interface, port 53 TCP/UDP is open. I also notice the same for my local network as well. Is this a cause for concern?

For the past few days I did have Adguard Home installed on my Router and I may be wrong here, but assumed that perhaps this is related? However, I've gone ahead and uninstalled Adguard Home (reinstalled Diversion) but still notice those open ports.

I'm not an advanced user, but is there anything else I need to do from my end or is this normal?

Thanks.

 

[ColinTaylor]

That's normal.


EDIT: Can you post a screenshot of what you're seeing? I may be misunderstanding what you're describing.

 

[dandle]

@ColinTaylor Sure. I've uploaded an example screenshot from the opening post of the RTMON thread to give an idea.

Basically, underneath where it says WAN0 IP for me it shows the following:

53/tcp open domain

I also have the same for the local network too. It's for both tcp and udp.

 

[ColinTaylor]

Ah, OK. Yes that does sound odd. What do you get from this command:

netstat -nlp | grep ":53 "

 

[dandle]

@ColinTaylor

This is what I get, (I've put an x at a few places):

 

[dave14305]

Run

nmap $(nvram get wan0_ipaddr)

and see if it finds it open.

 

[dandle]

Run

nmap $(nvram get wan0_ipaddr)

and see if it finds it open.

This is the output

All 1000 scanned ports on [Redacted] are closed

I take it then it all looks normal then? Looks like it's coming back with all ports closed. But then I don't understand why RTMON lists port 53 as open in the initial screenshot I posted in Post#3?

 

[ColinTaylor]

@ColinTaylor

This is what I get, (I've put an x at a few places):

Post the output again without editing the output. There's nothing sensitive there.

 

[dandle]

Post the output again without editing the output. There's nothing sensitive there.

Sorry, here's the output again.

 

[ColinTaylor]

Sorry, here's the output again.

OK. So my next question is what is 192.168.5.1? Maybe that's what's confusing rtrmon.

 

[dandle]

OK. So my next question is what is 192.168.5.1? Maybe that's what's confusing rtrmon.

That's a guest network I've set up using YazFi

 

[ColinTaylor]

Given the output from you nmap command I'd say it looks like a bug in rtrmon. Is rtrmon consistently showing the WAN port as open or was it a one-off?

Are you using DNS Director?

 

[dandle]

Given the output from you nmap command I'd say it looks like a bug in rtrmon. Is rtrmon consistently showing the WAN port as open or was it a one-off?

Are you using DNS Director?

Yep, each time I check RTMON, it comes back as showing the port as being open consistently.

I've disabled DNS Director and still the same. I will try a Router reboot just to make sure.

 

[dave14305]

Maybe it’s old results.

grep open /jffs/addons/rtrmon.d/nwanres.txt
ls -l /jffs/addons/rtrmon.d/nwanres.txt
date

 

[Viktor Jaep]

@ColinTaylor Sure. I've uploaded an example screenshot from the opening post of the RTMON thread to give an idea.

Basically, underneath where it says WAN0 IP for me it shows the following:



I also have the same for the local network too. It's for both tcp and udp.

Sorry I didn't see this earlier... Based on this screenshot in post #3, you don't have any open ports on your WAN0 interface... your BR0 (bridge/LAN) interface shows open ports, which is completely normal. If it actually did show that port 53 was open under the WAN0 interface, it would show that, but it's returning "none"... but if it did, then I would assume you would have made an inbound exception for your firewall to let 53 through.

 

[ColinTaylor]

Sorry I didn't see this earlier... Based on this screenshot in post #3, you don't have any open ports on your WAN0 interface... your BR0 (bridge/LAN) interface shows open ports, which is completely normal.

That's not his screenshot. He said:

Basically, underneath where it says WAN0 IP for me it shows the following:

53/tcp open domain

 

[dandle]

Ok. After a Router reboot, RTMON is no longer showing port 53 as open under WAN0 IP.

It now shows the text 'none'.

I'm glad to see that's resolved now. Thanks to @ColinTaylor and @dave14305 for your assistance!

But I do wonder why that was there in the first place? Was it legitimately open or a bug? I'm going to go ahead and reinstall Adguard Home again and monitor to see whether the issue comes up again as my first thought initially was related to that

 

[Viktor Jaep]

That's not his screenshot. He said:

Basically, underneath where it says WAN0 IP for me it shows the following:

Ah. Lol... so who's screenshot is that in #3?

 

[Viktor Jaep]

Ok. After a Router reboot, RTMON is no longer showing port 53 as open under WAN0 IP.

It now shows the text 'none'.

I'm glad to see that's resolved now. Thanks to @ColinTaylor and @dave14305 for your assistance!

But I do wonder why that was there in the first place? Was it legitimately open or a bug? I'm going to go ahead and reinstall Adguard Home again and monitor to see whether the issue comes up again as my first thought initially was related to that

There's no bug... I'm using the nmap tool to query the IP of your WAN0... and your BR0 interface. Definitely let us know what you find after reinstalling adguard.

 

[dandle]

Ah. Lol... so who's screenshot is that in #3?

I hope you don't mind it was quicker for me to grab just to show as an example.