×

Introducing the Orbi 970 Series Mesh System with WiFi 7(BE) technology. For more information visit the NETGEAR Press Room.

Start a New Discussion

Start a New Discussion

Orbi WiFi 7 RBE973
Reply

Open DNS Resolver on IPv6

einbecker
Aspirant
Aspirant
‎2024-03-23 01:00 PM
‎2024-03-23 01:00 PM

Open DNS Resolver on IPv6

All,

 

I am using an Orbi AC3000 RBR50, with latest firmware (V2.7.4.2), as my router. I am on a Vodafone Cable network in Germany/NRW, and the cable modem is set to bridge mode, so the router is directly connected to the internet over its WAN port. 

 

Since a couple of weeks, I get security warning emails and detailed logs from my ISP, stating that via my public IPv6 address (of the router), there is an open DNS resolver. The reports come from autoreports@shadowserver.org and reports@reports.cert-bund.de. If I connect via ssh to a server I have that is on the internet, I can validate via "dig" that indeed there is a public DNS server available over that IPv6 address. 

 

Is there any way to disable this? I have not been able to change this in any of the Orbi settings... Thanks for your help!

 

Cheers,

Tobias

Message 1 of 3
0 Kudos
Reply
einbecker
Aspirant
Aspirant
‎2024-03-23 03:26 PM
‎2024-03-23 03:26 PM

Re: Open DNS Resolver on IPv6

Sorry, somehow the update feature of the Orbi did not know that there was a newer firmware. Updated to latest firmware (V2.7.5.4) but still the same issue (with dig from server of the internet, there clearly is an Open DNS resolver at the IPv6 address of the Orbi router...)

Message 2 of 3
0 Kudos
Reply
CrimpOn
Guru Guru
Guru
‎2024-03-23 04:41 PM
‎2024-03-23 04:41 PM

Re: Open DNS Resolver on IPv6

It indeed comes as a surprise to owners of the RBR50 router that the firmware released in Feb, 2023 is not yet detected by the Firmware Update feature of the router/app.

 

This is indeed a puzzle.  One would think that every Netgear router in the world would exhibit the same behavior.  That they do not seems to indicate that there is something different about this particular router/network.


We know that the Orbi firewall ignores all IPv4 connection attempts, unless the user has specifically Forwarded ports to internal IPs. 

 

IPv6 options are defined in the Orbi web access, Advanced Tab, Advanced Settings menu... IPv6.

My RBR50 options are:

  • Connection Type: DHCP
  • User Class: (Blank)
  • Domain Name (Blank)
  • Domain Name Servers are IPv6 versions of CloudFlare and Google
  • LAN Setup Autoconfig
    Enable RIPng  (On)
  • IPv6Filtering (Open)
    (I notice that the "Help" information for this screen does not mention the IPv6Filtering option or suggest why one would want it to be "Open" or "Secured"

 

Message 3 of 3
0 Kudos
Reply
Top Contributors
See All
Discussion stats
  • 2 replies
  • ‎2024-03-23 01:00 PM
  • 272 views
  • 0 kudos
  • 2 in conversation
Announcements

Orbi WiFi 7