- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
How to disable inbound DNS requests?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to disable inbound DNS requests?
Hi. Not sure if this is the right place but...
Around 1pm to 4pm I experience very slow service from anything Google-related, such as Google Docs, Google Search, Google Developers Console, Adwords, Analytics, Gmail, etc. I generally get around it by using Bing! for search but not accessing my emails quickly is getting frustrating so I want to do something about it.
I'm using a Netgear N600 WiFi router (model #D3600), connected via ethernet cable.
I've contacted my ISP and they've said our router is on a 'control list' because it is 'allowing inbound DNS requests' and that is affecting their network. They said that might be affecting Google Services. Where do I go from here? I can't see anything obvious within the router's settings for disabling inbound DNS requests, and have found nothing simple enough for me to understand on the web. Any ideas?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: How to disable inbound DNS requests?
What the ISP told you is kinda vague. What evidence do they have that your router is allowing inbound DNS requests? What does their control list really do? And does it really only kick in between 1pm and 4pm?
As to blocking inbound DNS requests, the router should already be doing that unless one or more of the following are true:
- You have a DNS server and you have either put it in the DMZ or opened port 53 to it.
- There's a bug in the router's firmware.
If, by chance, the ISP's control list is tied to your router's IP address, you can try using the MAC address cloning feature in WAN Setup to trigger the assignment of a new IP address. This may get your router off of the control list. But if your router or network really is doing something improper with DNS, then they may block you, again.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: How to disable inbound DNS requests?
Thanks. I think I'll try and get a bit more information from them about this control list. We have a static IP address as we're a business user, so would the advice on getting a new one still work?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: How to disable inbound DNS requests?
Ahh, no. With a static IP, you would need to ask the ISP to assign you a new address. And they probably wouldn't be too inclined to do that.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: How to disable inbound DNS requests?
I've called again and asked them for more information about the inbound DNS requests and the person I spoke with said he didn't have more information. Instead, he said he'd forward the ticket to their network department. Hopefully I'll find out more that way. The control list is what they call their "Access Control List" and as far as he was aware it ran all the time, not just during the afternoons.
Typically, as it happened I couldn't use the web (well, ironically, I could still use Gmail in Firefox) because I was getting DNS server errors. That seemed to clear up while he ran a line check (as I was on the phone).
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: How to disable inbound DNS requests?
I've had a good reply from our ISP. What would you recommend I do next?
Clive had requested evidence from our end that the router was acting as a DNS relay. We can tell this by running a command called "dig" using your IP address to google's website. If we get a reply from this, it suggests your router is acting as a DNS relay. Below is the test in question:
$ dig A www.google.com @##.###.###.###
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> A www.google.com @##.###.###.###
;; global options: +cmd
;; Got answer:
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 52 IN A 62.164.169.152
www.google.com. 52 IN A 62.164.169.185
www.google.com. 52 IN A 62.164.169.154
www.google.com. 52 IN A 62.164.169.174
www.google.com. 52 IN A 62.164.169.155
www.google.com. 52 IN A 62.164.169.170
If your router has been compromised, we would recommend replacing the router. If your router is set to act as a DNS relay this may be something you can turn off in the configuration settings for the router.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: How to disable inbound DNS requests?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: How to disable inbound DNS requests?
##.###.###.### is our IP address, yes.
So it sounds like I need to get Netgear involved? How would you recommend I do that?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: How to disable inbound DNS requests?
If you want to go through official support channels, then you could start here.
Or we could see if one of the employees/moderators here will look into this informally. Like @ElaineM.
Summary of issue: ISP claims that OP's D3600 is forwarding DNS queries that arrive from the WAN port to a DNS server. This is not only against the ISP's policy, but the router's firewall should be dropping such queries. This sounds like a bug.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: How to disable inbound DNS requests?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: How to disable inbound DNS requests?
Thank you, though I have to say the slow Google problem seems to have disappeared since I called the ISP about all this....
Will look forward to Elaine's findings.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: How to disable inbound DNS requests?
Looking at official support channels, it looks like I have to pay as more than 90 days have passed since I bought the router. I don't see why I should pay to find a fix to what appears to be an issue with the router firmware. Are the community forums the best I can expect? If so, it looks like I may as well just buy a new router and it won't be a Netgear one - nor will anything else I buy in the future. @ElaineM can you help?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: How to disable inbound DNS requests?
I can confirm this issue. Im the 2nd mentioned above (and the idiot who forgot my static route on my server 😉
I have a D3600/n600 adsl modem too and Im seeing the same thing.
Hardware Version | D3600 (A) |
Firmware Version | V1.0.0.59_1.0.1 |
GUI Language Version | V1.0.0.15 |
In the following example, my home ip address is yy.yy.yy.162 and my external server's address is xx.xx.xx.48 and you can see here in this network dump that the two dns requests gets sent on port 53 and my home ip address answers.
root@externalhost / # tcpdump -n host yy.yy.yy.162 and port 53 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 23:43:08.790399 IP xx.xx.xx.48.33430 > yy.yy.yy.162.53: 45248+ A? netgear.com. (29) 23:43:09.281023 IP yy.yy.yy.162.53 > xx.xx.xx.48.33430: 45248 2/0/0 A 54.200.99.0, (61) 23:43:11.127036 IP xx.xx.xx.48.33430 > yy.yy.yy.162.53: 35137+ A? netgear.com. (29) 23:43:11.414474 IP yy.yy.yy.162.53 > xx.xx.xx.48.33430: 35137 2/0/0 A 54.218.118.186, (61) 4 packets captured 4 packets received by filter 0 packets dropped by kernel
As to modem settings, i have no:
* advanced/security/blocked services
* advanced/security/blocked sites
* advanced/advanced setup/port forwards or triggers
Sometimes the first request does seem to time out (about 30% of the time?) but subsequent requests do suceed.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: How to disable inbound DNS requests?
That's pretty solid evidence. If I owned a D3600, I would stop using it immediately, especially if I was experiencing high data usage.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: How to disable inbound DNS requests?
I have sent a follow-up email on this.
@mambo2010 & @cameronb Kindly register your devices for us to log the case.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: How to disable inbound DNS requests?
Sorry, is this a silly question - where/how am I supposed to register my device?
Forget that. Answered my own question - register here within the My Netgear section. I've done that but had to make up the purchase date as I don't know it. Hopefully I'll be able to update when accounts are back.
Registered.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: How to disable inbound DNS requests?
Still happens in
Router Firmware Version
V1.0.0.61_1.0.1
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: How to disable inbound DNS requests?
I have sent another follow-up on this case.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: How to disable inbound DNS requests?
Thanks.
I think i need to find something that runs openwrt so i can have more control over this stuff. I was just reading about https://nakedsecurity.sophos.com/2016/12/14/netgear-router-remote-control-bug-what-you-need-to-know/ gaah.
• What is the difference between WiFi 6 and WiFi 7?
• Yes! WiFi 7 is backwards compatible with other Wifi devices? Learn more