Howdy Everyone,
This has been bugging me for years, and I cannot figure it out. I've somewhat given up on talking with the help desk because they state that all the ports are open and there is nothing blocked.
Here is the situation. It's been going on for years, and I stumbled over this page while looking for a solution to another problem and thought I would give it a go!
I have two ADSL connections here in our office; sadly we cannot get anything else, maybe the NBN in a few months, but no promises! One is with Exetel, the other is with TPG. We have had these two connections for about 7 years in our current location, and about 4 years previous to this. It's boring old ADSL about 6+ km from the exchange. I cannot really get a good gauge of the speed, because when it rains, or is overly dry, we have issues, BUT it works, most of the time. (The TPG link drops about every 2 hours, almost to the same minute every day (eg 14:14, then 16:16 then 18:18 etc etc) but I've learned to live with that; calling the desk, they put 'protection' on the line, and it doesn't help, but the connection slows down.)
SO... There are two connections, with two Draytek modems, that hook into a Draytek 2920Vn running 3.6.7.1 firmware. The connections are stable (there is a third wireless connection that I use when I have connection issues, and when I *neeeed* something to be stable; we have some programs where, if the connection drops to the remote end, it's not the end of the world, but it costs money etc, so the wireless is a good way to make sure it's going to be there (sad hey!)). The first connection is the TPG Business PPPoE, the second is Exetel, the third is Optus wireless.
Everything is on the same subnet locally, a 192/24 network, about a dozen PCs, a small group of servers and that is about it! Now the Exetel connection is set up the same way as the TPG connection; the modems that exist on the other side of the 2920 Draytek are set up the same way, with the same settings (it's been many years since I looked at it, but they are stock standard settings for the modems).
They both connect, they both stay online (except for the above issue): the Exetel stays online for weeks at a time, the TPG about 2-3 hours max at a time. We run our own mail/web/server presences here... why? Because I do, moving on. When I open up the ports needed to run mail servers/web servers/DNS etc. (53/25/110/143/366/465/587/993, with the UDP and TCP needed for each one as needed), the Exetel connection passes them all through without any issues (I mean the router does), BUT the TPG passes everything except for port 53. I can open ports 1-65535 and point them at a box locally (with the appropriate ports open/services running) and everything except for port 53 will answer/respond...
It only happened after we moved, so I thought maybe I had the modems back to front; swapped them around, no change; defaulted the router, no change. I even connected a laptop with a DNS server program running on it directly to the modem, and I could move it to port 54 and it would respond, but not on port 53... I am truly at a loss to explain this.
Plus, about 3 years ago I replaced the old Draytek modems with newer ones, and the issue stayed the same. I can't quite fathom it; the only thing I haven't done is delve into the telnet interface on the router...
Has anyone heard of or come across anything like this...
Thanks!
Hi @redness, sounds like a curly one. A lot of malicious back door attacks use port 53 from memory; you've probably already tried disabling firewalls and A/V just for a test. If you've been attacked on that port at some stage, maybe it's now being ignored as a valid port? Have you also tried a single WAN router just on TPG as a test?
Howdy Yes,
Tried it with a couple of different modems, and even swapped the 'good' modem here with the 'bad' one (Exetel connection with the TPG one)
I am at a loss to explain it.
My immediate question is: why do you want to open port 53 to the public?
It's been on the list of things that are not done for a very, very long time - unless, of course, you are running a DNS service, in which case you would be using something very different to TPG's standard offering, anyway.
I run my own mail server / dns server / web server locally... and have been for the last 15 odd years... So I serve my own dns etc locally, and I am using the two connections to provide "redundancy" (I know the 2920 is the point of failure, but two links that can load share)
So I have port 53 UDP/TCP open on both of the modems, but the TPG one doesn't allow anything through.
@redness wrote: I run my own mail server / dns server / web server locally... and have been for the last 15 odd years... So I serve my own dns etc locally, and I am using the two connections to provide "redundancy" (I know the 2920 is the point of failure, but two links that can load share)
So I have port 53 UDP/TCP open on both of the modems, but the TPG one doesn't allow anything through.
I run my own stuff (since about 2003 too!), including a local DNS, but I have never needed to open port 53 for that, whether I've been on a static IP address or dynamic.
I only allow incoming connections for SMTP (25), HTTP (80), HTTPS (443), and SSH (22).
I occasionally ruminate on setting up and opening the secure IMAP port, but when I'm away from home I find webmail (I use RoundCube) to be more than adequate.
There's that lovely comment in the "options" section of most shipped named.conf files that says:
// Uncommenting this might help if you have to go through a
// firewall and things are not working out. But you probably
// need to talk to your firewall admin.
// query-source port 53;
That has been leading people astray in various ways for lo these many decades, but really, unless you are serving DNS requests outside your local network, port 53 doesn't have to be open on the modem. When your bind process does a forward to wherever it gets its answers (I mix OpenDNS and the TPG servers), it just goes out and the border routers handle it.
I actually host my own DNS locally so I need port 53 opened. The Exetel currently has the DNS load on it, but I would like the TPG to be the backup (the DNS is the authoritative server for our records); we have our DNS elsewhere.
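The laptop-on-port-54 experiment in the original post, and the later point that port 53 only needs to be reachable from outside when you are actually serving authoritative DNS to the internet, can both be checked with a small script. The following is an added example, not code from the thread, from TPG or from Draytek: it hand-builds a DNS query, sends it to a host and UDP port, and reports whether a DNS response came back, whether the host rejected the port (ICMP port unreachable, meaning nothing listens there) or whether the packet was silently dropped (a timeout, which is what a filtered port 53 looks like). The host 127.0.0.1, the query name example.com. and the built-in demo responder are constructed for the example so it runs offline; to check a real forward you would run probe_udp from outside your network against your own public address on port 53.

```python
"""Probe whether a DNS query reaches a server on a given UDP port.

Added example for this thread (not the poster's or TPG's code). It hand-builds
a DNS query, sends it to host:port and classifies the result:
  'answered' - a DNS response with the matching transaction ID came back
  'refused'  - ICMP port unreachable came back: the host is reachable but
               nothing listens on that port (what a closed port looks like)
  'timeout'  - nothing came back at all: silently dropped somewhere on the
               path (what a filtered/blocked port 53 looks like)
A minimal local responder is included so the script runs offline; the host,
ports and query name below are constructed for the demo.
"""
import random
import socket
import struct
import threading


def build_query(name, qtype=1, txid=None):
    """Return a standard DNS query (RD set) for `name`; qtype 1 = A record."""
    if txid is None:
        txid = random.randrange(0, 65536)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_header(data):
    """Decode the 12-byte DNS header fields that matter for a port check."""
    if len(data) < 12:
        raise ValueError("short DNS message")
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    return {
        "id": txid,
        "is_response": bool(flags & 0x8000),   # QR bit
        "aa": bool(flags & 0x0400),            # authoritative answer
        "ra": bool(flags & 0x0080),            # recursion available
        "rcode": flags & 0x000F,
        "qdcount": qd,
        "ancount": an,
    }


def probe_udp(host, port, name="example.com.", timeout=2.0):
    """Send one query to host:port and classify what comes back."""
    query = build_query(name)
    expected_id = struct.unpack("!H", query[:2])[0]
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        # A connected UDP socket lets an ICMP port-unreachable surface as an error.
        sock.connect((host, port))
        sock.send(query)
        try:
            data = sock.recv(512)
        except socket.timeout:
            return "timeout"
        except (ConnectionRefusedError, ConnectionResetError):
            return "refused"
    hdr = parse_header(data)
    if not hdr["is_response"] or hdr["id"] != expected_id:
        return "mismatch"
    return "answered"


def start_local_responder():
    """Start a demo authoritative-style responder on 127.0.0.1 and return its port.

    It answers every query with an empty NOERROR reply (AA set, RA clear), which
    is enough to exercise probe_udp without touching a real DNS server.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free port
    port = sock.getsockname()[1]

    def serve():
        while True:
            data, peer = sock.recvfrom(512)
            if len(data) < 12:
                continue
            txid, flags, qd = struct.unpack("!HHH", data[:6])
            reply_flags = 0x8400 | (flags & 0x0100)   # QR=1, AA=1, keep RD
            reply = struct.pack("!HHHHHH", txid, reply_flags, qd, 0, 0, 0) + data[12:]
            sock.sendto(reply, peer)

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    port = start_local_responder()
    # Mirrors the laptop experiment in the thread: same host, two neighbouring
    # ports, only one of them actually serving DNS.
    for p in (port, port + 1):
        print(f"127.0.0.1:{p} -> {probe_udp('127.0.0.1', p, timeout=1.0)}")
```

The useful distinction is between 'refused' and 'timeout': a closed port normally answers with ICMP port unreachable, while a port that times out everywhere except through one ISP's link is being dropped on that path, not on your box. The parsed header also exposes the RA flag; a server you deliberately expose on port 53 as the authoritative server for your own zones should answer with RA clear, so that it serves your records without acting as an open recursive resolver for anyone on the internet.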