david_ba
May 15, 2017, Aspirant
Possible very strange issues with DNS on FVS336Gv2 firewall
Hello, I am experiencing a very odd issue seemingly with the firewall here. There are a number of client PCs connecting through the FW and only two are suffering from this odd issue. Each time t...
Alohadog
Jun 10, 2017, Aspirant
Going to add a me-too with strange DNS behavior but not isolated so far. Running FW 4.3.3-6.
For the past several months, trying to configure my router to use OpenDNS instead of the Comcast provided DNS. Changing the DNS under the WAN IPv4 ISP Settings tab was easy. For the LAN, I have Enable DNS Proxy turned on.
Then the behavior starts to mirror yours. Browsing works for a while. I can access the OpenDNS test page and DNS requests seem to be going to OpenDNS. Then after a while pages sporadically start failing to load. Browser times out. Trying again and the same pages load quickly. Checking the OpenDNS test page later, I see that I'm no longer using OpenDNS for DNS requests (yes, I'm clearing my caches and related). The FVS336G looks like it has "fallen over" to another DNS. There is no indication this has happened. I consider this a bug and possible serious security hole.
I need to do more debugging, changing DNS configurations, swapping computers and maybe the router like you did to try to isolate the problem. Web searches claim that Comcast is not blocking OpenDNS which was my first suspicion. But this silent DNS fall over is bad.
- Danthem, Jun 12, 2017, NETGEAR Employee Retired
Hi Alohadog,
Please go to Security -> Firewall -> Attack Checks and untick the "UDP Flood detection" if enabled. The thresholds may be a bit low for modern browsing which can cause legit traffic to be blocked... Most common symptom of UDP flood detection kicking in would be that DNS requests are no longer going through.
- Alohadog, Jun 21, 2017, Aspirant
Thanks for the suggestion. It helped but did not solve the problem of the router falling over to another DNS. Instead of falling over in a day, it now takes 2 or 3 days. I need to find some time when I can take my network down, remove the router, and connect a computer directly to the modem and run some scripts to see what kind of responses I get to OpenDNS requests.
That still leaves the problem of the router falling over to an unknown DNS without any indication in either the status dialogs or the DNS log. I would bet the NSA loves that :-). Is there a bug report on that?
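A watcher for the silent resolver change described in this thread, as an added example that is not part of any post above and is not NETGEAR code. It assumes OpenDNS's `debug.opendns.com` TXT probe name is answered only when the query actually reaches OpenDNS, and uses `192.168.1.1` as a placeholder for the router's LAN address (the DNS proxy).

```python
import socket, struct, time

PROBE = "debug.opendns.com"  # assumption: TXT answers exist only via OpenDNS
TXT = 16                     # DNS record type TXT

def build_query(name, qtype=TXT, txid=0x1234):
    """Encode a single-question recursive DNS query (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)       # class IN

def classify(response, txid=0x1234):
    """Return 'opendns', 'other-resolver' or 'bad-reply' for a raw DNS reply."""
    if len(response) < 12:
        return "bad-reply"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != txid or not flags & 0x8000:  # wrong transaction, or not a response
        return "bad-reply"
    rcode = flags & 0x000F
    # NOERROR with answers: upstream was OpenDNS. NXDOMAIN or empty: it was not.
    return "opendns" if rcode == 0 and ancount > 0 else "other-resolver"

def probe(server, timeout=3.0):
    """Send the probe question to `server` over UDP/53 and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(PROBE), (server, 53))
            return classify(s.recvfrom(4096)[0])
        except OSError:                    # includes timeouts
            return "timeout"

def watch(server, interval=60):
    """Print a timestamped line only when the observed state changes."""
    last = None
    while True:
        state = probe(server)
        if state != last:
            print(time.strftime("%Y-%m-%d %H:%M:%S"), server, state, flush=True)
            last = state
        time.sleep(interval)

if __name__ == "__main__":
    watch("192.168.1.1")  # placeholder: LAN address of the router
```

Running it once against the router and once against an OpenDNS resolver address directly gives two logs to compare: a change to `other-resolver` on the router alone points at the proxy's upstream selection, while `timeout` lines point at dropped UDP.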