Topic: DNS packets dropped at firewall (Read 19128 times)

mtroxel · « **on:** June 25, 2014, 07:47:07 AM »

15 users behind a Server 2012 DNS server. Lots of "webpage cannot be displayed". Hit the refresh button and it pops right up. Turn on DNS logging in the server, and lots of DNS packets time out. Put my laptop into the firewall, set the DNS to 8.8.8.8 or 4.2.2.2 and I get the same symptoms. Plug my laptop straight into Comcast's router (which is set as a bridge) and everything is happy.

It's obvious this is the dead end. I have the latest firmware, 1.09B38_WW. When I search the logs for port 53, I see a lot of this:

[DSR-500][Kernel][KERNEL] same_src : Invalid address same_src : Invalid address [] LOG_PACKET[ALLOW] IN=SELF OUT=LAN SRC=192.168.50.1 DST=192.168.50.2 PROTO=ICMP TYPE=3 CODE=3 SRC=192.168.50.2 DST=75.75.76.76 PROTO=UDP SPT=63121 DPT=53

192.168.50.1 is the firewall, 192.168.50.2 is my server, 75,75.76.76 is Comcast's DNS.

FurryNutz · « **Reply #1 on:** June 25, 2014, 08:18:56 AM »

What Hardware version is your router? Look at sticker under router.
What region are you located?

Is there a DNS relay feature on this router? If so, try to disable it and test again.

mtroxel · « **Reply #2 on:** June 25, 2014, 08:25:47 AM »

Quote from: FurryNutz on June 25, 2014, 08:18:56 AM

What Hardware version is your router? Look at sticker under router.

Not on site, but when I remote in the http interface says Hdwr ver A1

Quote from: FurryNutz on June 25, 2014, 08:18:56 AM

What region are you located?

Minnesota, USA

Quote from: FurryNutz on June 25, 2014, 08:18:56 AM

Is there a DNS relay feature on this router? If so, try to disable it and test again.

No, its disabled.

FurryNutz · « **Reply #3 on:** June 25, 2014, 08:44:49 AM »

Was a factory reset, update FW, factory reset then set up from scratch performed when updating FW?

I recommend that you phone contact D-Link support office and ask for help and information regarding this. We find that phone contact has better immediate results over using email.
Let us know how it goes please.

mtroxel · « **Reply #4 on:** June 25, 2014, 08:58:51 AM »

No, did not start over when I did the FW update. I've got two other firewalls VPN'd to this and that would be a real pain. I'll try Dlink phone.

FurryNutz · « **Reply #5 on:** June 25, 2014, 09:09:53 AM »

Let us know how it goes.

mtroxel · « **Reply #6 on:** June 26, 2014, 12:49:23 PM »

For anyone else finding this in a search, I think I'm on it. Dlink had me go to Advanced> Advanced Network> Attack Checks. Uncheck these two boxes:

WAN:
Block TCP flood

LAN:
Block UDP flood

Hit save, then test. My DNS lookups are noticeably faster, and I have not seen an error in either the firewall or my server's DNS monitoring.

FurryNutz · « **Reply #7 on:** June 26, 2014, 12:52:05 PM »

Awesome info and thank you for sharing.
Glad it's working better now.

Enjoy.

D-Link Forums

News:

Author Topic: DNS packets dropped at firewall (Read 19128 times)

mtroxel

DNS packets dropped at firewall

FurryNutz

Re: DNS packets dropped at firewall

mtroxel

Re: DNS packets dropped at firewall

FurryNutz

Re: DNS packets dropped at firewall

mtroxel

Re: DNS packets dropped at firewall

FurryNutz

Re: DNS packets dropped at firewall

mtroxel

Re: DNS packets dropped at firewall

FurryNutz

Re: DNS packets dropped at firewall (RESOLVED)