How to disable inbound DNS requests?

What the ISP told you is kinda vague.  What evidence do they have that your router is allowing inbound DNS requests?  What does their control list really do?  And does it really only kick in between 1pm and 4pm?

As to blocking inbound DNS requests, the router should already be doing that unless one or more of the following are true:

1. You have a DNS server and you have either put it in the DMZ or opened port 53 to it.
2. There's a bug in the router's firmware.

If, by chance, the ISP's control list is tied to your router's IP address, you can try using the MAC address cloning feature in WAN Setup to trigger the assignment of a new IP address.  This may get your router off of the control list.  But if your router or network really is doing something improper with DNS, then they may block you, again.

Thanks. I think I'll try and get a bit more information from them about this control list. We have a static IP address as we're a business user, so would the advice on getting a new one still work?

Ahh, no.  With a static IP, you would need to ask the ISP to assign you a new address.  And they probably wouldn't be too inclined to do that.

I've called again and asked them for more information about the inbound DNS requests and the person I spoke with said he didn't have more information. Instead, he said he'd forward the ticket to their network department. Hopefully I'll find out more that way. The control list is what they call their "Access Control List" and as far as he was aware it ran all the time, not just during the afternoons.

Typically, as it happened I couldn't use the web (well, ironically, I could still use Gmail in Firefox) because I was getting DNS server errors. That seemed to clear up while he ran a line check (as I was on the phone).

I've had a good reply from our ISP. What would you recommend I do next?

 

Clive had requested evidence from our end that the router was acting as a DNS relay. We can tell this by running a command called "dig" using your IP address to google's website. If we get a reply from this, it suggests your router is acting as a DNS relay. Below is the test in question:

$ dig A www.google.com @##.###.###.###

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> A www.google.com @##.###.###.###
;; global options: +cmd
;; Got answer:

;; QUESTION SECTION:
;www.google.com. IN A

;; ANSWER SECTION:
www.google.com. 52 IN A 62.164.169.152
www.google.com. 52 IN A 62.164.169.185
www.google.com. 52 IN A 62.164.169.154
www.google.com. 52 IN A 62.164.169.174
www.google.com. 52 IN A 62.164.169.155
www.google.com. 52 IN A 62.164.169.170

If your router has been compromised, we would recommend replacing the router. If your router is set to act as a DNS relay this may be something you can turn off in the configuration settings for the router.

 

##.###.###.### is our IP address, yes.

So it sounds like I need to get Netgear involved? How would you recommend I do that?

If you want to go through official support channels, then you could start here.

Or we could see if one of the employees/moderators here will look into this informally.  Like @ElaineM.  

Summary of issue: ISP claims that OP's D3600 is forwarding DNS queries that arrive from the WAN port to a DNS server.  This is not only against the ISP's policy, but the router's firewall should be dropping such queries.  This sounds like a bug.

Thank you, though I have to say the slow Google problem seems to have disappeared since I called the ISP about all this....

Will look forward to Elaine's findings.

Hi @ElaineM. Did you discover anything?

Looking at official support channels, it looks like I have to pay as more than 90 days have passed since I bought the router. I don't see why I should pay  to find a fix to what appears to be an issue with the router firmware. Are the community forums the best I can expect? If so, it looks like I may as well just buy a new router and it won't be a Netgear one - nor will anything else I buy in the future. @ElaineM can you help?

A second person has reported the same issue here.  @ElaineM, please push Engineering for a response.

I can confirm this issue. Im the 2nd mentioned above (and the idiot who forgot my static route on my server 😉

I have a D3600/n600 adsl modem too and Im seeing the same thing.

Hardware Version	D3600 (A)
Firmware Version	V1.0.0.59_1.0.1
GUI Language Version	V1.0.0.15

In the following example, my home ip address is yy.yy.yy.162 and my external server's address is xx.xx.xx.48 and you can see here in this network dump that the two dns requests gets sent on port 53 and my home ip address answers.

root@externalhost / # tcpdump -n host yy.yy.yy.162 and port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
23:43:08.790399 IP xx.xx.xx.48.33430 > yy.yy.yy.162.53: 45248+ A? netgear.com. (29)
23:43:09.281023 IP yy.yy.yy.162.53 > xx.xx.xx.48.33430: 45248 2/0/0 A 54.200.99.0, (61)
23:43:11.127036 IP xx.xx.xx.48.33430 > yy.yy.yy.162.53: 35137+ A? netgear.com. (29)
23:43:11.414474 IP yy.yy.yy.162.53 > xx.xx.xx.48.33430: 35137 2/0/0 A 54.218.118.186, (61)

4 packets captured
4 packets received by filter
0 packets dropped by kernel

As to modem settings, i have no:

  * advanced/security/blocked services

  * advanced/security/blocked sites

  * advanced/advanced setup/port forwards or triggers

Sometimes the first request does seem to time out (about 30% of the time?) but subsequent requests do suceed.

That's pretty solid evidence.  If I owned a D3600, I would stop using it immediately, especially if I was experiencing high data usage.

I have sent a follow-up email on this. 

@mambo2010 & @cameronb Kindly register your devices for us to log the case. 

registered

Sorry, is this a silly question - where/how am I supposed to register my device?

Forget that. Answered my own question - register here within the My Netgear section. I've done that but had to make up the purchase date as I don't know it. Hopefully I'll be able to update when accounts are back.

Registered.

Still happens in

Router Firmware Version
V1.0.0.61_1.0.1

I have sent another follow-up on this case. 

Thanks.

I think i need to find something that runs openwrt so i can have more control over this stuff. I was just reading about https://nakedsecurity.sophos.com/2016/12/14/netgear-router-remote-control-bug-what-you-need-to-know/  gaah.