Port 53 open on WAN side

I have tested the WAN port of 4 Peplink routers using nmap.

Three routers are running firmware 6.3.4 and each of them has TCP port 53 and UDP port 53 open. One is a Balance 20, the other two are Surf SOHOs.

One router, a Surf SOHO is running firmware 7.1.2 and it has both of these ports closed on the WAN side. I do not have access to a router running firmware 8.

Is port 53 open on purpose or a bug? Each router is similarly configured.

I am not the first customer to notice TCP port 53 open on WAN side.

TCP port 53 open on Balance 20 with 6.2.2
TCP port 53 open on Balance 20 with 6.2.2
there was no resolution to this

Balance 305 has ports open on the outside that are not defined in the GUI
Firmware 6.1.2


This too did not have a solution posted publicly

@Michael234

Would you able to provide RA access for the devices that running 6.3.4 ? Possible please PM me the info, I would like to confirm this.

For the old forum post 6.2.2 and 6.1.2, we did not get the reply from the forum users after that and support team tested we don’t see the ports is opened.

1 Like

Glad to give you the public IP addresses of any of the routers so you can confirm nmap results. Just not here in a public forum. Yes, should be able to get remote access for you. Or, I could dump the config files and send them to you. Whatever you prefer.

PM is what?

1 Like

@Michael234

PM refer to "Private Message :wink:

You can click on “MY Name” and send a message to me.

1 Like

I checked the same 3 routers running firmware v6 today and NONE of them shows port 53 open for either TCP or UDP. I have no explanation. Maybe losing my mind. Maybe they were being scanned or DoS’d and shut down the port in self-defense? Will continue to check and if the port opens up again will take screen shots of the nmap report this time. Sorry for what appears to have been a false alarm.

@Michael234

You not losing your mind :smile::smile::smile: This is common when the traffics travelling to multiple service provider end (Route Path). Some ISP may intercept the traffics at different times and you may see the ports is opened.

I just sent you a reply via private message, i’m scanning the device direct connect to the WAN to avoid those unpredictable behavior. Confirmed the TCP53/UDP53 ports is not listening for firmware 6.3.4/6.3.5.

2 Likes

And today, one of the routers again shows as having port 53 UDP and TCP open (only tested one). This is all new to me. Will send you screen shots privately, just to prove my sanity.

Your point makes sense when you consider that sometimes I use a VPN and sometimes I do not. And, when I do use one, I often pick a different VPN server. So, my network path to the tested routers is likely to be very different from day to day.

Live and learn.

RESOLVED: this is not a Peplink issue at all.

It turns out that port 53 is special. At times, something between the nmap requestor and the target router is intercepting the nmap port probe on port 53 and answering in the affirmative. The Peplink router never sees the port 53 probe. This was confirmed by running a full packet trace on a target Peplink router and making an nmap port test of ports 52, 53 and 54. Wireshark showed the incoming requests for port 52 and 54 but not for 53.

Live and learn. Many thanks for the assistance from Peplink.

FYI: Blog with details here
https://www.michaelhorowitz.com/Port53.DNS.mystery.sovled.php

3 Likes