Port 53 open and DHCP requests to second WAN

gorstj

Occasional Visitor
I noted during external port scans that my AX86U had an open Port 53 and would respond to DNS requests on 'LAN only' hostnames (used this service https://simpledns.plus/lookup).

I also noted there were multiple DHCP error messages regarding my second WAN connection.

dnsmasq-dhcp[22886]: no address range available for DHCP request via eth0

I figured out that DNSMASQ was open for business on my primary WAN (which is a PPPoE) and secondary WAN (which is just a direct connection).

I made the following adjustment to my /jffs/scripts/dnsmasq.conf

#!/bin/sh
. /opt/share/diversion/file/post-conf.div # Added by Diversion

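CONFIG=$1

# Drop these lines from the generated dnsmasq config
pc_delete "interface=eth0" "$CONFIG"
pc_delete "bind-dynamic" "$CONFIG"
pc_delete "interface=ppp0" "$CONFIG"
# Quoted so the shell passes the pattern through instead of glob-expanding it
pc_delete "interface=pptp*" "$CONFIG"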

This then closed port 53 externally and stopped the DHCP errors in the log.

Should the default behaviour be to expose DNS and DHCP server to the WAN interfaces?

386.5_2 on AX86U
 

ColinTaylor

Part of the Furniture
Should the default behaviour be to expose DNS and DHCP server to the WAN interfaces?
No, definitely not. It will listen on VPN (server) interfaces, including IPSec though. Maybe it's a bug.

I can't think why interface=eth0 would be in your config file (it could be a requirement for PPPoE perhaps). Can you post the complete original version of dnsmasq.conf?
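One way to check a generated dnsmasq.conf for the condition discussed in this thread, as an added example that is not part of either post. The WAN-side name patterns (eth0, ppp*, pptp*) are assumptions taken from the interface names in the first post, and the sample config is constructed for illustration.

```shell
#!/bin/sh
# Audit a dnsmasq config for interface= entries that name WAN-side interfaces.
# Assumption: these patterns come from the names in the first post; adjust
# them to match the WAN interfaces on your own router.
WAN_PATTERNS='eth0 ppp* pptp*'

# is_wan_iface NAME -> status 0 if NAME matches one of WAN_PATTERNS.
# Runs in a subshell with globbing off so the patterns are not expanded
# against files in the current directory.
is_wan_iface() (
    set -f
    for pat in $WAN_PATTERNS; do
        case $1 in $pat) exit 0 ;; esac
    done
    exit 1
)

# audit_dnsmasq_conf FILE
# Prints "WAN-LISTEN <iface>" for each interface= entry naming a WAN-side
# interface, then "BIND-MODE <mode>". Status 1 if any such entry exists.
audit_dnsmasq_conf() {
    conf=$1
    # Values are split on commas in case one line lists several names.
    hits=$(sed -n 's/^[[:space:]]*interface=//p' "$conf" | tr ',' '\n' |
        while IFS= read -r ifc; do
            if is_wan_iface "$ifc"; then echo "WAN-LISTEN $ifc"; fi
        done)
    mode=wildcard   # neither bind option present
    grep -qx 'bind-interfaces' "$conf" && mode=bind-interfaces
    grep -qx 'bind-dynamic' "$conf" && mode=bind-dynamic
    [ -n "$hits" ] && printf '%s\n' "$hits"
    echo "BIND-MODE $mode"
    [ -z "$hits" ]
}

# Constructed sample resembling the thread's situation (not the poster's file).
sample_conf() {
    printf '%s\n' 'interface=br0' 'interface=eth0' 'bind-dynamic' \
        'interface=ppp0' 'dhcp-range=lan,192.168.1.2,192.168.1.254,86400s'
}

# Audit the file given as $1, or the constructed sample when none is given.
target=${1:-}
if [ -z "$target" ]; then
    target=$(mktemp) && sample_conf >"$target"
    cleanup=1
fi
audit_dnsmasq_conf "$target" || echo "WAN-side interface entries present"
[ -z "${cleanup:-}" ] || rm -f "$target"
```

A clean result only shows that no matching interface= line is configured; an external scan of port 53 is still the check that confirms what is reachable from the WAN.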
 