RV325 Gigabit Dual WAN VPN Router
Firmware Version: v1.5.1.05 (2019-10-01, 15:39:40)
Ever since I installed this RV325 on our LAN about a month ago, I've been having serious, seemingly random, and so far unsolvable DNS problems.
The RV325 is the gateway device on this LAN. It is connected via WAN1 to an AT&T Netgear ADSL modem that provides the Internet connectivity. (Currently we are not using the WAN2 connection; I'm having enough problems with WAN1 as it is.)
The LAN address of the RV325 is 192.168.214.253; its WAN1 IP address is 192.168.215.253. The Netgear modem's LAN IP address is 192.168.215.1, and it manages a static Internet IP address.
The RV325 is set up with its DHCP server active on the 192.168.214.0 subnet and proxied DNS; it's using OpenDNS's servers at 126.96.36.199 and 188.8.131.52 as its forwarding servers.
What's happening is that, seemingly at random and for no reason that I can figure out, DNS resolution on this LAN stops for some random amount of time. DNS resolution works fine for a while, then suddenly stops working, then usually picks back up on its own (although on some occasions I've had to restart the two devices). I've run DNSQuerySniffer on one of the affected PCs, and I can see where suddenly all DNS queries from the PC (in this case 192.168.214.164) to the RV325 at 192.168.214.253 are met with no response. This can happen for as much as a minute or more, with DNS requests stacking up with no reply, before suddenly the problem seems to resolve itself.
I haven't been able to figure out how to get the RV325 to present me with logging information that would help me figure this out. But the Netgear modem has no trouble presenting me with scads of information that I can nonetheless not understand. When this DNS stoppage happens, if I check the Netgear's logs I see stacks of entries like the following:
I'm not sure what a "PortScanLo" entry is supposed to indicate on this Netgear modem, and I have been unable to find any information about this online. I'm also a bit confused about exactly what constitutes inbound traffic and what constitutes outbound traffic in this log, based on other entries I've found there. But the entries above clearly show something (not good?) happening with DNS communications (SPT=53) occurring between the RV325 (IP=192.168.215.253) and the OpenDNS servers (208.67.22x.22x).
Other Netgear log entries also seem to show outbound DNS-related traffic from the RV325 to OpenDNS being blocked:
I've been all over that modem configuration, and I can't find anywhere that allows me to block outbound ICMP requests to the Internet. Inbound, yes. Outbound, no.
I've also set up a dizzying array of firewall rules to unconditionally allow all incoming and outgoing TCP and UDP port 53 traffic between the RV325 and the OpenDNS servers. They have had no effect.
The RV325 replaced a Netgear ProSafe FVS336G firewall that was performing the same services and was configured almost exactly the same way (with the exception that it was the .254 device instead of the .253 device). We never had these repeated, widespread DNS outages with the Netgear firewall.
Can anyone help me get to the bottom of this?