DNS (Port 53) listening on WAN, Beryl AX (GL-MT3000)

Using either stable 4.2.2 or beta 4.2.3 release 1, DNS is listening and responding on the WAN interface. While this should be implicitly blocked, even creating an explicit rule does not block TCP 53 from the WAN interface.

Snapshot 4.3.2 2023-06-20 12:53:33 (UTC-05:00) does not exhibit this behavior. No other versions tested.

Steps to reproduce:

  1. Factory reset device.
  2. Connect to a WiFi network with Repeater mode (example: “public_wifi”).
  3. nmap the Beryl AX from “public_wifi”.
  4. nslookup/dig using Beryl AX as server, from “public_wifi”.

I have just tested 4.2.3 release 1.

I used both a cable from the WAN to the main router’s LAN and repeater.

I don’t have 53 open on the WAN side.

Thank you for confirming the issue is on my end. I’ve been so focused on finding the error in the MT-3000 software that I neglected to consider the network configuration may be the issue, which it was. It was determined that all port 53 traffic is being redirected to the DNS server on the network. Thanks again, alzhao.
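
The cause found in this thread, an upstream network redirecting all port 53 traffic to its own DNS server, can be ruled in or out with a control probe before suspecting the router firmware. The script below is an added example, not part of the thread or of GL.iNet's software; it assumes a UDP probe is sufficient, uses 192.0.2.1 (a documentation-only address where no DNS server exists) as the control, and its function names are illustrative.

```python
import socket
import struct
import sys

SINK = "192.0.2.1"  # TEST-NET-1 (RFC 5737): nothing legitimate answers DNS from here

def build_query(name, txid):
    """Encode a minimal DNS query for the A record of `name` (RD bit set)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def is_reply(packet, txid):
    """True if `packet` is a DNS response (QR bit set) to transaction `txid`."""
    if len(packet) < 12:
        return False
    rid, flags = struct.unpack("!HH", packet[:4])
    return rid == txid and bool(flags & 0x8000)

def probe(server, name="example.com", txid=0x5353, timeout=3.0):
    """Send one UDP query to server:53 and report whether a DNS reply came back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, 53))
            s.send(build_query(name, txid))
            return is_reply(s.recv(512), txid)
        except OSError:  # timeout, ICMP port unreachable, no route
            return False

def classify(router_answers, sink_answers):
    """Interpret the probe of the router against the probe of the control address."""
    if sink_answers:
        # Something on the path answers for an address with no DNS server:
        # port 53 is being redirected, so the router result proves nothing.
        return "intercepted"
    if router_answers:
        return "router-listening"
    return "closed"

if __name__ == "__main__":
    router = sys.argv[1]  # router's WAN address as seen from the upstream network
    print(classify(probe(router), probe(SINK)))
```

Run it from a client on the upstream network with the router's WAN address as the only argument; a result of `intercepted` means scan and lookup results for port 53 on that network reflect the redirect, not the device.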