D-Link Forums
D-Link VPN Router => DSR-500 => Topic started by: mtroxel on June 25, 2014, 07:47:07 AM
-
15 users behind a Server 2012 DNS server. Lots of "webpage cannot be displayed". Hit the refresh button and it pops right up. Turn on DNS logging in the server, and lots of DNS packets time out. Put my laptop into the firewall, set the DNS to 8.8.8.8 or 4.2.2.2 and I get the same symptoms. Plug my laptop straight into Comcast's router (which is set as a bridge) and everything is happy.
It's obvious this is the dead end. I have the latest firmware, 1.09B38_WW. When I search the logs for port 53, I see a lot of this:
[DSR-500][Kernel][KERNEL] same_src : Invalid address same_src : Invalid address [] LOG_PACKET[ALLOW] IN=SELF OUT=LAN SRC=192.168.50.1 DST=192.168.50.2 PROTO=ICMP TYPE=3 CODE=3 SRC=192.168.50.2 DST=75.75.76.76 PROTO=UDP SPT=63121 DPT=53
192.168.50.1 is the firewall, 192.168.50.2 is my server, 75.75.76.76 is Comcast's DNS.
-
- What Hardware version is your router? Look at sticker under router.
- What region are you located in?
Is there a DNS relay feature on this router? If so, try to disable it and test again.
-
- What Hardware version is your router? Look at sticker under router.
Not on site, but when I remote in the http interface says Hdwr ver A1
- What region are you located in?
Minnesota, USA
Is there a DNS relay feature on this router? If so, try to disable it and test again.
No, it's disabled.
-
Was a factory reset, update FW, factory reset then set up from scratch performed when updating FW?
I recommend that you contact the D-Link support office by phone and ask for help and information regarding this. We find that phone contact has better immediate results than email.
Let us know how it goes please.
-
No, did not start over when I did the FW update. I've got two other firewalls VPN'd to this and that would be a real pain. I'll try D-Link phone.
-
Let us know how it goes.
-
For anyone else finding this in a search, I think I'm on it. D-Link had me go to Advanced > Advanced Network > Attack Checks. Uncheck these two boxes:
WAN:
Block TCP flood
LAN:
Block UDP flood
Hit save, then test. My DNS lookups are noticeably faster, and I have not seen an error in either the firewall or my server's DNS monitoring.
-
Awesome info and thank you for sharing.
Glad it's working better now.
Enjoy. ;)
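Added example (not from any poster in this thread, and not D-Link code): a small Python parser for the LOG_PACKET line quoted in the first post that counts how often the router answers a LAN client's DNS query with ICMP type 3 code 3 (port unreachable). It assumes the second SRC/DST/PROTO group on a line is the original packet embedded in the ICMP error; apart from the first line, the sample log lines are constructed on the model of the one in the post.

```python
import re
from collections import Counter

# Prefix taken from the log line in the first post; the packets in lines
# 2-5 are constructed for illustration.
P = "[DSR-500][Kernel][KERNEL] same_src : Invalid address [] LOG_PACKET[ALLOW] "
SAMPLE_LOG = "\n".join([
    P + "IN=SELF OUT=LAN SRC=192.168.50.1 DST=192.168.50.2 PROTO=ICMP TYPE=3 CODE=3 SRC=192.168.50.2 DST=75.75.76.76 PROTO=UDP SPT=63121 DPT=53",
    P + "IN=SELF OUT=LAN SRC=192.168.50.1 DST=192.168.50.2 PROTO=ICMP TYPE=3 CODE=3 SRC=192.168.50.2 DST=75.75.76.76 PROTO=UDP SPT=63122 DPT=53",
    P + "IN=SELF OUT=LAN SRC=192.168.50.1 DST=192.168.50.23 PROTO=ICMP TYPE=3 CODE=3 SRC=192.168.50.23 DST=8.8.8.8 PROTO=UDP SPT=50111 DPT=53",
    P + "IN=SELF OUT=LAN SRC=192.168.50.1 DST=192.168.50.2 PROTO=ICMP TYPE=3 CODE=3 SRC=192.168.50.2 DST=4.2.2.2 PROTO=UDP SPT=123 DPT=123",
    P + "IN=LAN OUT=WAN SRC=192.168.50.2 DST=75.75.76.76 PROTO=UDP SPT=63123 DPT=53",
])

PAIR = re.compile(r"\b([A-Z]+)=(\S+)")

def parse_line(line):
    """Return (outer, inner) field dicts for one LOG_PACKET line.

    Keys repeat on ICMP error lines, so a second SRC is treated as the
    start of the embedded original packet (assumption, see lead-in).
    """
    outer, inner = {}, {}
    current = outer
    for key, value in PAIR.findall(line):
        if key == "SRC" and "SRC" in current:
            current = inner
        current[key] = value
    return outer, inner

def is_rejected_dns(outer, inner):
    """True when the outer packet is ICMP port unreachable for a UDP/53 query."""
    return (outer.get("PROTO") == "ICMP"
            and outer.get("TYPE") == "3" and outer.get("CODE") == "3"
            and inner.get("PROTO") == "UDP" and inner.get("DPT") == "53")

def rejected_dns_by_flow(log_text):
    """Count rejected DNS queries per (client, resolver) pair."""
    counts = Counter()
    for line in log_text.splitlines():
        if "LOG_PACKET" not in line:
            continue
        outer, inner = parse_line(line)
        if is_rejected_dns(outer, inner):
            counts[(inner["SRC"], inner.get("DST"))] += 1
    return counts

if __name__ == "__main__":
    for (client, resolver), n in rejected_dns_by_flow(SAMPLE_LOG).most_common():
        print(f"{client} -> {resolver}: {n} DNS queries answered with port unreachable")
```

Running it over logs exported before and after changing the Attack Checks settings shows whether the rejections actually stop.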