

ISP reports I have an open dns server running

Discussion in 'Asuswrt-Merlin' started by Striker317, Aug 15, 2018.

  1. Striker317 (Regular Contributor)
    My ISP, Rogers, keeps emailing me to say I have a router running a DNS server that is accessible to the entire Internet

    https://www.rogers.com/customer/support/article/rogers-terms-of-service-open-dns

    If you are using a home gateway or router, it may be possible your router is running a DNS server, which should only be accessible to the devices inside your home. If configured incorrectly, however, it may be accessible to the entire Internet.

    Is there something I need to configure with AsusWRT/Merlin firmwares to prevent this?
     
  3. ColinTaylor (Part of the Furniture, UK)
    You wouldn't normally have DNS exposed to the internet unless it's something you have deliberately set up yourself.

    If you go to http://canyouseeme.org/ and scan for port 53 do you get anything?

    UDP scans are a bit more difficult. Try this with your WAN address (open|filtered is OK ;))

    https://hackertarget.com/udp-port-scan/
     
    Last edited: Aug 15, 2018
    Makaveli likes this.
  4. Striker317 (Regular Contributor)

    When I scan port 53 on my ISP assigned IP address, it is closed (which is intended)
    When I scan from the computer that is connected through the VPN Client on the router, port 53 is open (which I sense isn't intended).

    These are my VPN settings

    [screenshot of the router's VPN client settings, not reproduced]

    Last edited: Aug 15, 2018
  5. john9527 (Part of the Furniture, United States)
    Can't really read your screenshot (break it into multiple pieces in the future), but it looks like it may be PIA.
    If so, that's expected. When you test from a connected VPN client with the router acting as client, you are testing your provider's VPN server, not your ISP connection.
     
    Last edited: Aug 15, 2018
  6. ColinTaylor (Part of the Furniture, UK)
    Are you getting "closed" from the UDP port scan like in the example below? If so that might indicate a problem (you want to see one of the filtered states).
    Code:
    Starting Nmap 7.40 ( https://nmap.org ) at 2018-08-16 12:29 UTC
    Nmap scan report for 82.28.xxx.yyy
    Host is up (0.082s latency).
    PORT      STATE         SERVICE
    53/udp    closed        domain
    69/udp    open|filtered tftp
    123/udp   open|filtered ntp
    161/udp   open|filtered snmp
    1900/udp  open|filtered upnp
    5353/udp  open|filtered zeroconf
    11211/udp open|filtered memcache
    
    Nmap done: 1 IP address (1 host up) scanned in 1.95 seconds
    A "closed" state is what you would get if you had a port forwarding rule set up for port 53/udp but there was nothing listening on it at this moment. This would be a concern. Check the port forwarding on your router (System Log > Port Forwarding). It's more likely that this would be something that a PC application has set up through UPnP rather than a configuration of the router IMHO.

    You could also try issuing the following command on the router to see what interfaces it has that are listening on port 53.
    Code:
    # netstat -anp | grep ":53 " | sort -k4
    udp        0      0 10.8.0.1:53             0.0.0.0:*                           1385/dnsmasq
    tcp        0      0 10.8.0.1:53             0.0.0.0:*               LISTEN      1385/dnsmasq
    udp        0      0 127.0.0.1:53            0.0.0.0:*                           1385/dnsmasq
    tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1385/dnsmasq
    udp        0      0 192.168.1.1:53          0.0.0.0:*                           1385/dnsmasq
    tcp        0      0 192.168.1.1:53          0.0.0.0:*               LISTEN      1385/dnsmasq
    Here you can see dnsmasq is listening on the LAN (192.168.1.1), loopback (127.0.0.1) and VPN server (10.8.0.1) interfaces.
     
    Last edited: Aug 16, 2018
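An added example, not from the thread or from the Asuswrt-Merlin project, that automates the check in the post above: it reads BusyBox-style netstat output, keeps only the port-53 sockets, and flags any bound to 0.0.0.0 or a non-private address, which is the binding an ISP "open DNS" notice would be about. The sample netstat text is constructed (the first four lines mirror the post, the last two are deliberately bad bindings using the documentation address 203.0.113.5); the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: classify port-53 listeners from
# netstat output by bound address. Loopback, RFC 1918 and the 10.8.0.x
# OpenVPN tunnel address are the expected dnsmasq bindings; 0.0.0.0 or a
# public address is reachable from the WAN unless the firewall drops it.

# Constructed sample in the router's BusyBox netstat format. The last two
# lines are deliberately bad bindings; the rest match the post above.
SAMPLE_NETSTAT='udp        0      0 10.8.0.1:53             0.0.0.0:*                           1385/dnsmasq
tcp        0      0 10.8.0.1:53             0.0.0.0:*               LISTEN      1385/dnsmasq
udp        0      0 127.0.0.1:53            0.0.0.0:*                           1385/dnsmasq
tcp        0      0 192.168.1.1:53          0.0.0.0:*               LISTEN      1385/dnsmasq
udp        0      0 0.0.0.0:53              0.0.0.0:*                           1385/dnsmasq
tcp        0      0 203.0.113.5:53          0.0.0.0:*               LISTEN      1385/dnsmasq'

# is_internal ADDR: succeeds for loopback or RFC 1918 space (10/8 also
# covers the 10.8.0.x tunnel address shown in the post).
is_internal() {
    case "$1" in
        127.*|10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# exposed_dns_listeners [TEXT|-]: prints "proto addr" for every port-53
# socket bound to a non-internal address. Defaults to the sample so it
# runs offline; on the router use:  netstat -anp | exposed_dns_listeners -
exposed_dns_listeners() {
    if [ "$1" = "-" ]; then input=$(cat); else input="${1:-$SAMPLE_NETSTAT}"; fi
    printf '%s\n' "$input" | awk '$4 ~ /:53$/ { print $1, $4 }' |
    while read -r proto local; do
        addr="${local%:*}"          # strip the ":53" port suffix
        is_internal "$addr" || echo "$proto $addr"
    done
}

# Number of exposed listeners; 0 means only internal bindings were found.
exposed_count() {
    exposed_dns_listeners "$@" | wc -l | tr -d ' '
}

n=$(exposed_count)
if [ "$n" -eq 0 ]; then
    echo "OK: port 53 is bound only to internal addresses"
else
    echo "WARNING: $n port-53 listener(s) bound to WAN-reachable addresses:"
    exposed_dns_listeners
fi
```

A clean result here does not by itself prove the WAN is closed (a port-forward or UPnP rule can still expose an internal binding), so pair it with the external port check from earlier in the thread.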