ISP reports I have an open dns server running

Striker317

My ISP, Rogers, keeps emailing me to say I have a router running a DNS server that is accessible to the entire Internet

https://www.rogers.com/customer/support/article/rogers-terms-of-service-open-dns

If you are using a home gateway or router, it may be possible your router is running a DNS server, which should only be accessible to the devices inside your home. If configured incorrectly, however, it may be accessible to the entire Internet.

Is there something I need to configure with AsusWRT/Merlin firmwares to prevent this?
 
You wouldn't normally have DNS exposed to the internet unless it's something you have deliberately set up yourself.

If you go to http://canyouseeme.org/ and scan for port 53 do you get anything?

UDP scans are a bit more difficult. Try this with your WAN address (open|filtered is OK ;))

https://hackertarget.com/udp-port-scan/


When I scan port 53 on my ISP assigned IP address, it is closed (which is intended)
When I scan from the computer that is connected through the VPN Client on the router, port 53 is open (which I sense isn't intended).

These are my VPN settings

[Screenshot: ASUS Wireless Router RT-AC86U - OpenVPN.png]
When I scan from the computer that is connected through the VPN Client on the router, port 53 is open (which I sense isn't intended).
Can't really read your screenshot (break it into multiple pieces in the future), but it looks like it may be PIA.
If so, that's expected. When you test from a connected VPN client with the router acting as client, you are testing your provider's VPN server, not your ISP connection.
 
When I scan port 53 on my ISP assigned IP address, it is closed (which is intended)
Are you getting "closed" from the UDP port scan like in the example below? If so, that might indicate a problem (you want to see one of the filtered states).
Code:
Starting Nmap 7.40 ( https://nmap.org ) at 2018-08-16 12:29 UTC
Nmap scan report for 82.28.xxx.yyy
Host is up (0.082s latency).
PORT      STATE         SERVICE
53/udp    closed        domain
69/udp    open|filtered tftp
123/udp   open|filtered ntp
161/udp   open|filtered snmp
1900/udp  open|filtered upnp
5353/udp  open|filtered zeroconf
11211/udp open|filtered memcache

Nmap done: 1 IP address (1 host up) scanned in 1.95 seconds
A "closed" state is what you would get if you had a port forwarding rule set up for port 53/udp but there was nothing listening on it at this moment. This would be a concern. Check the port forwarding on your router (System Log > Port Forwarding). It's more likely that this would be something that a PC application has set up through UPnP rather than a configuration of the router IMHO.

You could also try issuing the following command on the router to see what interfaces it has that are listening on port 53.
Code:
# netstat -anp | grep ":53 " | sort -k4
udp        0      0 10.8.0.1:53             0.0.0.0:*                           1385/dnsmasq
tcp        0      0 10.8.0.1:53             0.0.0.0:*               LISTEN      1385/dnsmasq
udp        0      0 127.0.0.1:53            0.0.0.0:*                           1385/dnsmasq
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1385/dnsmasq
udp        0      0 192.168.1.1:53          0.0.0.0:*                           1385/dnsmasq
tcp        0      0 192.168.1.1:53          0.0.0.0:*               LISTEN      1385/dnsmasq
Here you can see dnsmasq is listening on the LAN (192.168.1.1), loopback (127.0.0.1) and VPN server (10.8.0.1) interfaces.
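
The netstat check above can be scripted so that each port-53 listener is labelled by the kind of address it is bound to. This is an added example, not part of the thread or of the firmware: the function names and scope labels are made up here, and the 0.0.0.0 and ESTABLISHED rows in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify port-53 listeners in `netstat -anp` output.
# Function names and scope labels are made up for this example.
classify_dns_listeners() {
    awk '
    function scope(ip,    o) {
        if (ip == "0.0.0.0" || ip == "::") return "wildcard"
        if (ip ~ /:/) return (ip == "::1") ? "loopback" : "review-ipv6"
        split(ip, o, ".")
        if (o[1] + 0 == 127) return "loopback"
        if (o[1] + 0 == 10) return "private"
        if (o[1] + 0 == 172 && o[2] + 0 >= 16 && o[2] + 0 <= 31) return "private"
        if (o[1] + 0 == 192 && o[2] + 0 == 168) return "private"
        return "public"
    }
    $1 ~ /^(tcp|udp)/ && $4 ~ /:53$/ {
        # TCP rows count only in LISTEN state; UDP rows have no state column.
        if ($1 ~ /^tcp/ && $6 != "LISTEN") next
        addr = $4
        sub(/:53$/, "", addr)
        s = scope(addr)
        printf "%s %s %s %s\n", $1, addr, s, $NF
        # Wildcard or public binds rely on the firewall alone to keep WAN out.
        if (s == "wildcard" || s == "public") bad = 1
    }
    END { exit bad + 0 }
    '
}

# Constructed sample: LAN and loopback rows as in the post, plus a constructed
# client connection (ESTABLISHED) and a constructed wildcard bind.
sample_netstat() {
    cat <<'EOF'
udp        0      0 127.0.0.1:53            0.0.0.0:*                           1385/dnsmasq
udp        0      0 192.168.1.1:53          0.0.0.0:*                           1385/dnsmasq
tcp        0      0 192.168.1.1:53          0.0.0.0:*               LISTEN      1385/dnsmasq
tcp        0      0 192.168.1.1:53          192.168.1.50:40112      ESTABLISHED 1385/dnsmasq
udp        0      0 0.0.0.0:53              0.0.0.0:*                           1385/dnsmasq
EOF
}

# On the router itself: netstat -anp | classify_dns_listeners
sample_netstat | classify_dns_listeners || echo "review: a port-53 listener is not limited to loopback/private addresses"
```

A non-zero exit status means at least one listener is bound to a wildcard or public address, which is the case to compare against the firewall and port forwarding rules.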
 