Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Port 53 open on MX95 WAN

MSakr
Here to help
2 weeks ago
2 weeks ago

Port 53 open on MX95 WAN

Hi All

Our ISP was complaining about port 53 being open with an active dns resolver on it 

dnsmasq-2.85

Now this is a new firewall that went live a few days ago, there is no port forwarding rules configured there, so why port 53 is open.. i tested from another public IP and port 53 is indeed open..

  1. Why this is the case and what other ports are expected to be open?
  2. how to make sure all ports are closed from internet initiated traffic as these should be?

We don't have any DNS service exposed on the public IP nor any NAT other than WAN standard NAT is on for inbound LANs to access the internet.. the MX is in routed mode obviously

Thanks 

Labels:
0 Kudos
Subscribe
7 Replies 7
PhilipDAth
Kind of a big deal
Kind of a big deal
2 weeks ago
2 weeks ago

It is a DNS resolver, and has to be able to accept DNS replies.

I think it turns off when you don't have any DHCP scopes including the security appliance as a DNS server.

Subscribe
MSakr
Here to help
2 weeks ago
2 weeks ago

Hi @PhilipDAth 

I don't have any DHCP scopes set, all VLANs are configured not to respond to any DHCP requests..

MSakr_0-1714993044791.png

Nor are there setups pointing the appliance as a DNS relay or DNS.. I am pointing everywhere towards Google ones

 

0 Kudos
Subscribe
In response to MSakr
ww
Kind of a big deal
Kind of a big deal
2 weeks ago
2 weeks ago

Im not running mx95 and i dont see port53 open from outside. 

You can take a look at ? > firewall info if that list port 53.

Otherwise create a support ticket and let them find out why its open

Subscribe
In response to ww
MSakr
Here to help
2 weeks ago
2 weeks ago

Hi @ww 

I don't see a Firewall>Info section under my mx95.. however the inbound L3 rules are set to the default deny..

MSakr_0-1714994288838.png

I don;t want to set an explicit deny for port 53 as this in theory might block all forwarder DNS traffic..

0 Kudos
Subscribe
In response to MSakr
ww
Kind of a big deal
Kind of a big deal
2 weeks ago
2 weeks ago

There is a ? On top of the dashboard screen. Then go to firewall info.

But i dont understand you L3 firewall dashboard view.  Afaik Inbound rules should be for ipv6 only not for ipv4 traffic.  Unless  you made/requested some changes to the default settings

Maybe you running the early access:  org>early access

"NAT Exceptions with Manual Inbound Firewall"

^^^

Looks like 'open port(s)' its related to above

Subscribe
In response to ww
MSakr
Here to help
2 weeks ago
2 weeks ago

Yes indeed, I enabled the early access on this one.. this is why you see the IPV4 rules.. looks more professional for me this way 🙂 

Thanks for the pointer to the firewall info.. I found a strange snmp inbound rule there that isn't set anywhere in my rules to one public IP from a range routed to the WAN public IP with source the Meraki Networks.. no clue why this is there even though the target IP is not the WAN Ip

MSakr_0-1714998534513.png

 

0 Kudos
Subscribe
MSakr
Here to help
Sunday
Sunday

Hi All

Still with Meraki support on this one, they are trying to figure it out why it is open and responding to such requests..

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.