
Forum Discussion

ZbigT
Guide
Sep 08, 2021

"Default DMZ host" feature breaks DHCP on BR200 (and the engineering says it will stay that way)

Hello everyone

 

First off, let me clarify how I expect the DMZ feature on a consumer router to work and how it was functioning on each and every home router I have used for the past 15 years or more. I acknowledge this is quite different from how the DMZ term is understood by the "serious" networking community, to the point of being considered a bit of a misnomer. Despite the marketing of the BR200 as a "business" device by Netgear, its characteristics and feature set put it squarely in the "home/SMB" category in regard to how DMZ should be understood, as far as I'm concerned.

 

With that out of the way, this is how I'm used to the DMZ (on a home/"prosumer" router) functioning, in order of priority, as seen from the point of view of a network packet arriving at the WAN interface:

  • All the traffic essential to the basic functioning of a network is managed by the built-in rules that are invisible to and immutable by the user. As we're talking NATting devices here, that includes all the WAN-side DHCP traffic, so the router is always able to request and renew its DHCP lease from the ISP.
  • All the incoming traffic that is related to, or a response to, connections originating from the LAN, as tracked by the state tables.
  • Any port forwarding rules as defined by the user, UPnP LAN clients, etc.
  • Anything else not matching any of the above either gets dropped/denied or forwarded to the "DMZ host" if one is defined.

So here I was, with my serious, brand new BR200. All was well until it was time for the router to renew its DHCP lease from the ISP, at which point all Internet connectivity went down. Only a reboot solved the issue, so I opened a support case and, for the time being, got the router connected via a smart plug so I could kill and re-enable its power automatically every night. In total, the back-and-forth with support took over 50 days, during which some ideas were tried, and they had support access to my device enabled most of the time, so they were free to look around. In the end it was me who found DMZ to be the culprit: when you have "Default DMZ host" enabled, all the traffic not covered by explicit port forward rules ends up being forwarded to the DMZ, including WAN-side DHCP offers. And so I updated the case. The Netgear engineering response arrived and stated that, lo and behold, this is the expected behavior and they have no intention of changing it. They referred me to https://kb.netgear.com/25891/DMZ-on-NETGEAR-routers, which apparently is somehow supposed to explain that this is how it is supposed to work. I asked them how one goes about creating a port forwarding rule for traffic intended for the WAN side using a GUI that takes a LAN IP address as the destination, and I will update you with their answer.

 

I'm done. The illusion of a solid "business" class device that just does its intended job quietly and reliably is gone. I have since moved to OPNsense and couldn't be happier with my choice. So all is for the better... I guess?

 

Lastly, I would like to ask you not to dismiss all this by just stating that "DMZ host" is insecure and a generally bad idea no one should be using in the first place. I strongly feel there are valid scenarios to use it, like in my case, where the "DMZ host" is a Synology NAS device that features its own comprehensive firewall that is easier and more flexible to manage than the one on a router, so for me it makes sense for "everything else" to just be targeting that host.

 

Regards,

Zbig
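The precedence the post describes (router-essential traffic first, then stateful replies, then explicit port forwards, and only then the "DMZ host" catch-all) can be written down as an ordinary firewall ruleset. The following nftables ruleset is an added illustration, not the poster's configuration and not anything from Netgear or OPNsense (OPNsense is FreeBSD/pf-based, so this is a Linux equivalent of the same ordering). The interface names eth0/eth1, the DMZ host 192.168.1.10 and the example forward to 192.168.1.20:443 are assumptions chosen for the example. The important line is the `return` for WAN-side DHCP in the NAT prerouting chain: DNAT happens before the packet reaches the router's own input path, and DHCP offers/acks from the ISP do not reliably match the router's outgoing request in the connection tracker (the request leaves from 0.0.0.0 to the broadcast address), so without that exception a DMZ catch-all rewrites them to the DMZ host, which is exactly the failure the post describes.

```nftables
#!/usr/sbin/nft -f
# Added example ruleset. Assumed names and addresses (not from the post):
#   WAN interface: eth0, LAN interface: eth1
#   DMZ host:      192.168.1.10
#   one explicit port forward: WAN tcp/443 -> 192.168.1.20

flush ruleset

define WAN      = "eth0"
define LAN      = "eth1"
define DMZ_HOST = 192.168.1.10

table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;
        iif lo accept
        # 2. replies to connections the router itself opened
        ct state established,related accept
        # 1. WAN-side DHCP client traffic must always reach the router itself
        iifname $WAN udp sport 67 udp dport 68 accept
        # LAN-side management, DNS and DHCP server traffic
        iifname $LAN accept
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        # 2. replies to connections originating from the LAN
        ct state established,related accept
        iifname $LAN oifname $WAN accept
        # 3./4. only traffic that was DNATed (port forward or DMZ host) may enter from WAN
        iifname $WAN ct status dnat accept
    }
}

table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # 1. DHCP aimed at the router is exempted from DNAT before any forwarding rule
        #    (policy accept: the packet continues to the input hook untouched)
        iifname $WAN udp dport 68 return
        # 3. explicit port forwards come before the catch-all
        iifname $WAN tcp dport 443 dnat to 192.168.1.20
        # 4. "Default DMZ host": everything else arriving on WAN
        iifname $WAN dnat to $DMZ_HOST
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname $WAN masquerade
    }
}
```

Rule order inside each chain is what encodes the priority list: moving the DHCP `return` below the DMZ `dnat` line reproduces the BR200 behaviour (the ISP's offer is rewritten to 192.168.1.10 and the router never completes its lease renewal). A quick check after loading the ruleset is `nft list ruleset` to confirm the DHCP exception precedes the catch-all, and watching the DHCP client log across a forced renewal to confirm the lease is still obtained with the DMZ host enabled.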
