DNS (Port 53) listening on WAN, Beryl AX (GL-MT3000)

Technical Support for Routers
1

Using either stable 4.2.2 or beta 4.2.3 release1, DNS is listening and responding on the WAN interface. While this should be implicitly blocked, even creating an explicit rule does not block tcp 53 from the WAN interface.

Snapshot 4.3.2 2023-06-20 12:53:33 (UTC-05:00) does not exhibit this behavior. No other versions tested.

Steps to reproduce:

  1. Factory reset device.
  2. Connect to WiFi network with Repeater mode (example: “public_wifi”)
  3. nmap the Beryl AX from “public_wifi”
  4. nslookup/dig using Beryl AX as server, from “public_wifi”

beryl_scan
beryl_scan775×476 13.2 KB

2

I have just tested 4.2.3 release 1.

I used both cable from wan to main router’s lan and repeater.

I don’t have 53 open on the wan side.

image
image772×607 12.7 KB

3

Thank you for confirming the issue is on my end. I’ve been so focused on finding the error in the MT-3000 software that I neglected to consider the network configuration may be the issue, which it was. It was determined that all port 53 traffic is being redirected to the DNS server on the network. Thanks again, alzhao.