
Re: Possible very strange issues with DNS on FVS336Gv2 firewall

david_ba
Aspirant

Possible very strange issues with DNS on FVS336Gv2 firewall

Hello,

 

I am experiencing a very odd issue seemingly with the firewall here.

There are a number of client PCs connecting through the FW and only two are suffering from this odd issue.

Each time they try to open websites there is a major delay and a message can also appear that the website couldn't be opened (indicating to check DNS) and in a moment it will open. If you reopen the same website shortly again it will open up fine quickly (likely because it is cached), but all "new" or better said not cached ones seem to be facing this issue. I tried changing up the DNS settings, unplugged everything in the way between the PCs and the FW and ended up having a straight connection into the FW and the issue still existed. I tried connecting them onto another line and they worked fine.

As weird as it is the only reason to me seems to be the firewall but the strangest part about that is that there are other PCs connecting via it and they are not facing this issue at all.

 

I have found a somewhat similar issue in this thread:

https://community.netgear.com/t5/VPN-Firewalls/FVS336GV2-VLANS-and-VOIP-traffic/m-p/1015344#M3879

Here the issue seemed to be down to the FW firmware, we are on the same version actually that was causing this person the issue (4.3.3-6). There appears to be no newer version actually and I am not too keen to downgrade as I imagine I would have to reconfigure all settings afterwards but if there is no success I might give it a go. Also in the case of this thread it seems all devices connected to the FW were suffering, not just specific ones such as in our case.

 

In the meantime I have prepared a spare firewall and will try to swap it out with the live one out of office hours to see if there is any difference at all.

 

If anyone has any experience with this or suggestions I would be very thankful.

Model: FVS336Gv2|PROSAFE DUAL WAN GIGABIT FIREWALL WITH SSL & IPSEC VPN
Message 1 of 5
david_ba
Aspirant

Re: Possible very strange issues with DNS on FVS336Gv2 firewall

If anyone is reading this, just to update in the end I swapped the firewall for another Netgear and all the issues are gone.

 

Whatever it was I assume it must be down to either a physical fault or issue with firmware (using latest one which actually hasn't been updated for year, that may well be the issue).

 

Message 2 of 5
Alohadog
Aspirant

Re: Possible very strange issues with DNS on FVS336Gv2 firewall

Going to add a me-too with strange DNS behavior but not isolated so far.  Running FW 4.3.3-6.

 

For the past several months, trying to configure my router to use OpenDNS instead of the Comcast provided DNS.  Changing the DNS under the WAN IPv4 ISP Settings tab was easy. For the LAN, I have Enable DNS Proxy turned on.

 

Then the behavior starts to mirror yours. Browsing works for a while.  I can access the OpenDNS test page and DNS requests seem to be going to OpenDNS. Then after a while pages sporadically start failing to load.  Browser times out. Trying again and the same pages load quickly.  Checking the OpenDNS test page later, I see that I'm no longer using OpenDNS for DNS requests (yes, I'm clearing my caches and related). The FVS336G looks like it has "fallen over" to another DNS.  There is no indication this has happened. I consider this a bug and a possible serious security hole.

 

I need to do more debugging, changing DNS configurations, swapping computers and maybe the router like you did to try to isolate the problem.  Web searches claim that Comcast is not blocking OpenDNS which was my first suspicion.  But this silent DNS fall over is bad.

Model: FVS336Gv2|PROSAFE DUAL WAN GIGABIT FIREWALL WITH SSL & IPSEC VPN
Message 3 of 5
Danthem
NETGEAR Employee

Re: Possible very strange issues with DNS on FVS336Gv2 firewall

Hi Alohadog,

 

Please go to Security -> Firewall -> Attack Checks and untick the "UDP Flood detection" if enabled. The thresholds may be a bit low for modern browsing which can cause legit traffic to be blocked... Most common symptom of UDP flood detection kicking in would be that DNS requests are no longer going through.

Message 4 of 5
Alohadog
Aspirant

Re: Possible very strange issues with DNS on FVS336Gv2 firewall

Thanks for the suggestion.  It helped but did not solve the problem of the router falling over to another DNS.  Instead of falling over in a day, it now takes 2 or 3 days.  I need to find some time when I can take my network down, remove the router, and connect a computer directly to the modem and run some scripts to see what kind of responses I get to OpenDNS requests.

 

That still leaves the problem of the router falling over to an unknown DNS without any indication in either the status dialogs or the DNS log.  I would bet the NSA loves that :-). Is there a bug report on that?

Model: FVS336Gv2|PROSAFE DUAL WAN GIGABIT FIREWALL WITH SSL & IPSEC VPN
Message 5 of 5
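Added example, not part of any post in this thread and not NETGEAR or OpenDNS code: a Python check for the silent resolver change described above, which can be pointed at the router's DNS proxy address and logged periodically. It assumes that OpenDNS's `debug.opendns.com` probe name returns TXT records beginning with `server ` only when the query actually reached an OpenDNS resolver; the function names are hypothetical.

```python
import socket, struct

PROBE = "debug.opendns.com"  # assumption: TXT answers exist only via OpenDNS resolvers

def build_query(name, txid=0x1234, qtype=16):
    """Encode a recursive DNS query (qtype 16 = TXT, class IN)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack(">HH", qtype, 1)

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:      # a compression pointer ends the name
            return off + 2
        off += 1 + n

def parse_txt(msg):
    """Return (rcode, [txt strings]) from a raw DNS response."""
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4          # skip qtype + qclass
    out = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        i = 0
        while rtype == 16 and i < len(rdata):   # TXT = length-prefixed strings
            out.append(rdata[i + 1:i + 1 + rdata[i]].decode("ascii", "replace"))
            i += 1 + rdata[i]
    return flags & 0x000F, out

def classify(rcode, txts):
    """'opendns' if the probe came back with server info, else 'other'."""
    ok = rcode == 0 and any(t.startswith("server ") for t in txts)
    return "opendns" if ok else "other"

def probe(resolver_ip, timeout=3.0):
    """Query resolver_ip (e.g. the router's LAN address); a timeout raises."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(PROBE), (resolver_ip, 53))
        return classify(*parse_txt(s.recv(4096)))
```

Calling `probe()` on a schedule against the router and recording each result with a timestamp shows when the upstream resolver changed, even though the router's status pages and DNS log give no indication.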