Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Open DNS Resolver

Go to solution
Redlinexyzzy
Tuning in

on ‎08-11-2023 10:20

Long story short(ish) - I recently changed my old router after a situation where my original started to fail DHCP requests. I also ended up with a new hub, but, the installer was also seeing that problem that he couldn't immediately fix.

Since that router change I also started to receive Open DNS resolver messages and letters from VM. The config was a mirror of what I previously used with minimal WAN side services being used. Tests showed that port 53 wasn't open, yet, my router was indeed continuing to respond to and serving incoming DNS requests (checked from multiple IP addresses using nslookup). I did many tests including removing all devices on my local network, yet, the external DNS responses were still given.

I raised the issue with the vendor and had no success so far and have asked for escalation today.

Yesterday I SSH'd into the router and analysed what ports on which IP addresses were being monitored, and indeed, both my primary WAN and backup WAN connections were listed. This is from inside the router, not an external view.

I have found a config on the router where the DNS provides only Server Fail messages, but this still leaves other vulnerabilities and probably ongoing messages and letters from VM. I suspect that it revolves around defining which DNS my internal devices use (having had numerous problems previously with VM DNS).

I won't name the vendor and router yet, but, I think I may need to do that soon to get some attention from them. However, I see a number of other posts about the same manufacturer. 

I know their emails and letters will be automatically generated, but, there is little point in keeping on telling me while I try to mitigate and fix the problem.
Is there any way of advising VM that I am aware of the problem and am dealing with it? 

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
efpk1959
On our wavelength
In response to Redlinexyzzy

on ‎21-11-2023 12:17

Yes it is.  I have just been in touch with retailer and they have agreed to a refund, as long as I have a case number from the manufacturer showing that I have tried to resolve the issue with their technical department.

See where this Helpful Answer was posted

0 Kudos
9 REPLIES 9

Go to solution
Gareth_L
Forum Team
Forum Team

on ‎09-11-2023 10:41

Hello Redlinexyzzy.

Thank you for your post.

With this being a 3rd party device, it would be best to continue with your current contact methods.

Can you please keep us updated on how you get on.

Gareth_L

0 Kudos

Go to solution
efpk1959
On our wavelength

on ‎11-11-2023 19:09

I too have received emails and letters from Virgin Media about Open DNS Resolver after installing a new router.  I have done test on Openresolver.com and that shows no issue.  I have also tested port 53, which is closed.  I have now gone back to my old  TP-Link router, as I received another email from VM 2 days ago.  I don’t know how to fix the problem.  I have configured OpenVPN server and Instant Guard VPN on the new router, other than that most other settings are default.  It has never been an issue on the old router.

0 Kudos

Go to solution
Redlinexyzzy
Tuning in
In response to efpk1959

on ‎11-11-2023 20:28

Just because port 53 doesn't report as open, it doesn't mean that DNS requests to your IP address are rejected. I previously did a port scan across all common ports against my router. Nothing showed as open.

If you can, get someone to run a terminal command nslookup using the format 

nslookup URL (eg bbc.co.uk) your_IP_address

If you get any response, your router is still processing DNS requests on port 53. You can do it from your own network, but, that may not be conclusive. If you do get a response, turn off every device on your network so only the router is running and redo the nslookup. That will prove you don't have any internal devices running a DNS service. I also logged into my router using SSH and showed that the linux OS was listening to port 53 on my WAN IP address. dnsmasq is the process that runs DNS on may systems. That had a major vulnerability problem in 2021. In theory, that has been fixed on the version of firmware I have, but, two other major vulnerabilities still exist. The vendor has been somewhat less than interested in either accepting the problem or doing something about it. I have passed the information onto a personal contact at GCHQ. Having vendors put product out that can be compromised on a large scale is something I think they may take an interest in. I also expect that VM are passing on the details of their testing although they would never admit it.

0 Kudos

Go to solution
efpk1959
On our wavelength
In response to Redlinexyzzy

on ‎20-11-2023 19:53

Thank you for the reply.

I have done as you suggested and it is definitely the router that is at fault.  I have been on to the manufacturers technical support over the past two to three weeks, and I don’t think they know what the problem is.  I have changed settings they suggest and the problem still persists.  I have done exactly the same tests on my old TP-Link router and that is fine.  I will wait for a new firmware update before I try the new router again.

0 Kudos

Go to solution
Redlinexyzzy
Tuning in
In response to efpk1959

on ‎20-11-2023 20:37

Wouldn't be Asus by any chance?

Have seen others have this problem but they were quickly resolved with firmware updates.

0 Kudos

Go to solution
efpk1959
On our wavelength
In response to Redlinexyzzy

on ‎21-11-2023 12:17

Yes it is.  I have just been in touch with retailer and they have agreed to a refund, as long as I have a case number from the manufacturer showing that I have tried to resolve the issue with their technical department.

0 Kudos

Go to solution
Redlinexyzzy
Tuning in
In response to efpk1959

on ‎21-11-2023 13:50

Thanks. Time to raise the heat under them. 

0 Kudos

Go to solution
Matthew_ML
Forum Team
Forum Team
In response to Redlinexyzzy

on ‎22-11-2023 14:05

Thank you for reaching out with some advice, is everything okay for you Redlinexyzzy? 

Matt - Forum Team


New around here?

0 Kudos

Go to solution
Redlinexyzzy
Tuning in
In response to Matthew_ML

on ‎10-12-2023 10:13

I have finally determined the cause of the problem, and, it is potentially a big one.

Asus supplied me with a beta upgrade to try and fix the problem. It didn't. So, I did a factory reset and then slowly rebuilt my config by hand, and, at each stage, checked when and where the problem arose. The result was startling and alarming although it is likely to affect very few more advanced users.

Anyone using VPNs on Asus routers, check your configuration. If you specifically define the DNS IPs for use on incoming VPNS the router sets up DNS listening on the incoming WAN using your routers WAN DNS config, not on the incomingVPN connections themselves. This opens a massive security flaw in your security, and, specifically enhanced security that you have set up for yourself. Once this DNS port 53 listening on the incoming WAN is set up, there is no way of configuring it out short of a factory reset. 

The only way of mitigating this without that reset on VM is to apply DNSSEC with validation on the VM DNS service. VM doesn't support DNSSEC - The router then doesn't serve any DNS requests although it is still listening and responding with Server Fail. My LAN uses different DNS but not all devices support that under DHCP setup. That is why I wanted DNS config for incoming VPN connections.

Asus have been advised but yet to respond.

0 Kudos
Top