Recently both of our DNS servers stopped responding to incoming UDP on port 53; tested with dig, and it works with TCP. They both have a common ISP. Is there any way to traverse the route and find out exactly where the incoming traffic on said port and protocol is being dropped/blocked? An Nmap scan shows the port as filtered. We have a pfSense firewall, and I can see that it works fine with another ISP. It also works if I redirect another port (54) to the DNS server via pfSense.
The DNS server is working, and queries work from inside the network. To be sure, I stopped DNS and used iperf on port 53 with UDP, and sure enough I can't connect from outside; with iperf on TCP port 53 the connection gets established.
Tracepath output; not sure why it doesn't stop on finding our IP but continues.
tracepath -p53 __our_domain__
1?: [LOCALHOST] pmtu 1500
1: 10.0.2.2 0.542ms
1: 10.0.2.2 0.254ms
2: 192.168.0.1 2.652ms asymm 64
3: 10.234.0.1 3.092ms asymm 63
4: broadband.actcorp.in 6.964ms asymm 62
5: 14.141.145.5.static-Bangalore.vsnl.net.in 4.456ms asymm 61
6: no reply
7: 115.110.161.30.static.vsnl.net.in 36.027ms asymm 59
8: no reply
9: no reply
10: 218.248.160.105 22.052ms asymm 56
11: no reply
12: __our_domain__ 57.694ms asymm 54
13: no reply
14: no reply
15: no reply
16: no reply
17: no reply
18: no reply
19: no reply
20: no reply
21: no reply
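As an added example (not from the original post), here is a UDP traceroute that sends real DNS queries to port 53 with increasing TTL and classifies the ICMP that comes back, so the run can be repeated against the working port 54 and the two compared: the first TTL at which port 53 stops producing "ttl-exceeded" while port 54 still does is the hop that silently drops UDP/53. It assumes it is run as root from outside the network against the server's public IP, and uses example.com as a constructed query name.

```python
import select
import socket
import struct
import sys

def build_dns_query(name: str, qid: int = 0x1234) -> bytes:
    """Minimal DNS A query, so filters see a real DNS packet rather than an empty probe."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)   # flags: RD, one question
    labels = b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_icmp(datagram: bytes):
    """IPv4+ICMP datagram from a raw socket -> (sender_ip, verdict, quoted_udp_dport) or None."""
    ihl = (datagram[0] & 0x0F) * 4
    sender = socket.inet_ntoa(datagram[12:16])
    icmp_type, icmp_code = datagram[ihl], datagram[ihl + 1]
    quoted = datagram[ihl + 8:]            # original IP header + first 8 bytes (the UDP header)
    if len(quoted) < 28:
        return None
    qihl = (quoted[0] & 0x0F) * 4
    dport = struct.unpack("!H", quoted[qihl + 2:qihl + 4])[0]
    if icmp_type == 11:                    # time exceeded: an on-path hop forwarded the probe
        return sender, "ttl-exceeded", dport
    if icmp_type == 3:                     # code 3 = host reached, nothing listening; others = a filter that answers
        return sender, "port-unreachable" if icmp_code == 3 else "unreachable/prohibited", dport
    return None

def trace_udp(dst: str, port: int = 53, max_hops: int = 30, timeout: float = 2.0):
    """Yield (ttl, hop_ip_or_None, verdict) for DNS probes to dst:port, TTL 1..max_hops. Needs root."""
    icmp = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)
    probe = build_dns_query("example.com.")  # constructed query name
    for ttl in range(1, max_hops + 1):
        udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        udp.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, ttl)
        udp.sendto(probe, (dst, port))
        ready, _, _ = select.select([udp, icmp], [], [], timeout)
        if udp in ready:                   # a DNS answer: UDP to this port made it all the way through
            hop, verdict = dst, "dns-answer"
        else:                              # a silent drop shows as "no reply" from the filtering hop onward
            result = classify_icmp(icmp.recv(1500)) if ready else None
            hop, verdict = (result[0], result[1]) if result else (None, "no reply")
        udp.close()
        yield ttl, hop, verdict
        if verdict not in ("ttl-exceeded", "no reply"):
            break
    icmp.close()

if __name__ == "__main__":                 # usage: sudo python3 trace_udp53.py <public-ip> [port]
    for ttl, hop, verdict in trace_udp(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 53):
        print(f"{ttl:2d}: {hop or '*':<16} {verdict}")
```

A capture on the pfSense WAN interface during the run (tcpdump filtering on udp port 53) settles whether the probes ever arrive at the firewall or die upstream at the ISP.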