on 13-12-2022 15:04
Hi all,
I have my Virgin Media hub set up as a modem and use my own router. I upgraded the router recently (go Black Friday) and since then I've been receiving warnings from VM about an open DNS resolver on my network.
It appears my router (Netgear RAXE300) leaves UDP port 53 open (all the TCP ports are closed). There is no DNS resolver behind it (I tried it) so there's no danger of any malicious traffic from it, but does anyone know how to close that port? UPnP is disabled, as is WPS, I've only 1 port forwarded and I've tried turning the VPN server off, all to no avail.
Equally, is there a way to let VM know that this isn't an issue and they can stop emailing me about it?
Cheers,
Ian
on 10-09-2023 11:37
New Netgear firmware fixed the issue (curiously related to Access Control...?)
on 08-11-2023 09:56
Long story - I recently changed my old router after a situation where my original started to fail DHCP requests. I also ended up with a new hub, but the installer was also seeing that problem.
Since that router change I also started to receive Open DNS resolver messages from VM. Tests showed that port 53 wasn't open, yet it was indeed responding to and serving DNS requests. I did many tests including removing all devices on my local network, yet the external DNS responses were still given.
I raised the issue with the vendor and have had no success so far.
Yesterday I SSH'd into the router and analysed what ports on which IP addresses were being monitored, and indeed, both my primary WAN and backup WAN connections were listed. This is from inside the router, not an external view.
I have found a config on the router where the DNS provides only Server Fail messages, but this still leaves other vulnerabilities and probably ongoing messages and letters from VM.
I won't name the vendor and router yet, but I think I may need to do that soon to get some attention from them.
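
An added example, not part of any post above: a minimal UDP check for the symptom this thread describes, telling apart no reply, an error reply such as SERVFAIL or REFUSED, and a full recursive answer. The function names, the constructed sample replies and the 3-second timeout are assumptions of this sketch.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, txid, qtype=1):
    """Encode a standard query with RD=1 (recursion desired), type A by default."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def classify_response(data, txid):
    """Classify a reply from its 12-byte DNS header (None means nothing came back)."""
    if data is None:
        return "no-response"
    if len(data) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:      # wrong ID or QR bit not set
        return "malformed"
    rcode = flags & 0x000F
    recursion_available = bool(flags & 0x0080)
    if rcode == 0 and recursion_available and ancount > 0:
        return "open-resolver"                  # recursed and answered for an outsider
    # Any other reply still shows a listener on UDP 53.
    return "answers-but-" + RCODES.get(rcode, "rcode%d" % rcode)

def probe(wan_ip, name="example.com", txid=0x1234, timeout=3.0):
    """Send one query to UDP 53 on your own WAN address and classify the result."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, txid), (wan_ip, 53))
            data, _ = s.recvfrom(4096)
        except OSError:                         # includes socket.timeout
            data = None
    return classify_response(data, txid)

# Constructed sample reply headers (not captured traffic), all with ID 0x1234.
SAMPLE_SERVFAIL = struct.pack("!HHHHHH", 0x1234, 0x8182, 1, 0, 0, 0)
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)
SAMPLE_ANSWER = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)

if __name__ == "__main__":
    for label, raw in [("servfail", SAMPLE_SERVFAIL), ("refused", SAMPLE_REFUSED),
                       ("answer", SAMPLE_ANSWER), ("silent", None)]:
        print(label, "->", classify_response(raw, 0x1234))
```

Call `probe()` with your own WAN address from a connection outside your network (a mobile hotspot, for example), since a query sent from the LAN side does not show what the WAN interface answers.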