RUT240 is doing a lot of DNS queries

Hello Teltonika Community,

I hope everyone is doing well. I’m reaching out because our team is facing a critical issue with the RUT240 4G router, and we could really use your expertise.

Background: We deploy these routers in autonomous video surveillance systems, and recently, we updated the firmware. However, we’ve encountered significant DNS problems.

Previous Observation: Before the firmware update, we noticed an unusually high number of DNS requests. It seemed that, by default, the router was listening on port 53 TCP and UDP in public mode. Our router’s IP even ended up on a public DNS reference site without our intention. We attempted to add firewall rules without success.

Firmware Update Attempt: Post-firmware update, we managed to implement blocking rules for port 53 both in TCP and UDP. Nmap scans now show port 53 as closed, and DNS queries fail as expected. We’ve limited DNS services to local-only, even excluding all interfaces.

Current Challenge: Despite these changes, our connection logs still show a high volume of DNS requests, this time with the source IP being the public IP of the router. This is eating up our mobile data plan, and our client is understandably unhappy. We’ve spent a considerable amount of time troubleshooting, and unfortunately, we’re still stuck.

Your Expertise Needed: As someone with good firewall and networking knowledge, I’m turning to the Teltonika community for guidance. I’ve attached some captures for reference. Any insights or suggestions on how to stop these unwanted DNS requests would be immensely appreciated. We’re losing valuable time, and our client’s satisfaction is at stake.

Thank you for your assistance!

Best regards,

Welcome to Teltonika Networks Community!
Seems you have an issue at hand,

  1. Could you try finding where the DNS queries originate from using tcpdump on the router? Is it the LAN devices?
  2. Did this issue pop up after the firmware update?

Clive Pinto
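One way to answer the first question above, as an added example that is not part of the original thread: tally the query lines in the text output of `tcpdump -n port 53` by where they come from. The LAN subnet, WAN address, function names and sample lines are constructed assumptions, not values from the poster's network.

```python
import ipaddress
import re
from collections import Counter

# Query lines in `tcpdump -n port 53` text output look like:
#   12:00:01.1 IP 192.168.1.50.51234 > 192.168.1.1.53: 4660+ A? host.example. (35)
# Responses have source port 53 instead and no "TYPE?" token, so they do not match.
QUERY = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > \d+\.\d+\.\d+\.\d+\.53: "
    r"\d+\S* (?:\[[^\]]*\] )?(?P<qtype>[A-Z0-9]+)\? (?P<name>\S+)"
)

def classify(src, lan_net, wan_ip):
    """Label a query source: LAN client, the router's WAN address, or outside."""
    addr = ipaddress.ip_address(src)
    if addr in lan_net:
        return "lan"
    if addr == wan_ip:
        return "router_wan"
    return "external"

def tally_dns_queries(lines, lan_cidr, wan_ip):
    """Count DNS queries per origin class, per source IP and per queried name."""
    lan_net = ipaddress.ip_network(lan_cidr)
    wan = ipaddress.ip_address(wan_ip)
    by_origin, by_source, by_name = Counter(), Counter(), Counter()
    for line in lines:
        m = QUERY.search(line)
        if not m:
            continue  # response, non-DNS or truncated line
        by_origin[classify(m["src"], lan_net, wan)] += 1
        by_source[m["src"]] += 1
        by_name[m["name"].rstrip(".").lower()] += 1
    return by_origin, by_source, by_name

# Constructed sample capture (documentation address ranges, not real traffic).
SAMPLE = """\
12:00:01.100000 IP 192.168.1.50.51234 > 192.168.1.1.53: 4660+ A? cam-cloud.example. (35)
12:00:01.100500 IP 203.0.113.10.40001 > 198.51.100.53.53: 7001+ A? cam-cloud.example. (35)
12:00:01.150000 IP 198.51.100.53.53 > 203.0.113.10.40001: 7001 1/0/0 A 192.0.2.20 (51)
12:00:02.000000 IP 198.51.100.7.33445 > 203.0.113.10.53: 9+ [1au] A? probe.example. (40)
12:00:02.200000 IP 198.51.100.7.33446 > 203.0.113.10.53: 10+ [1au] A? probe.example. (40)
""".splitlines()

if __name__ == "__main__":
    origin, source, name = tally_dns_queries(SAMPLE, "192.168.1.0/24", "203.0.113.10")
    print(dict(origin), source.most_common(3), name.most_common(3))
```

On a capture that covers both the LAN and WAN interfaces, each forwarded query shows up once per side, so `router_wan` counts that far exceed `lan` plus `external` point at the router's own processes. A non-zero `external` count means queries from the internet are still reaching the WAN side.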

This topic was automatically closed after 15 days. New replies are no longer allowed.