Sonic restricting inbound DNS traffic?

Advanced feature discussion, beta programs and unsupported "Labs" features.
3 posts Page 1 of 1
by duaneoca » Mon Aug 22, 2022 8:35 pm
Hopefully this is the right branch of the forum for this discussion.

Backstory: I'm a former AT&T customer who recently upgraded to sonic 10G fiber (woohoo!) In my old setup, I had a residential gateway, in addition to my tplink router which is less than two years old. I also had a pi-hole set up on the residential gateway's network, and pointed my tplink router to it to filter ad requests, etc. It worked great.

Transitioning to Sonic, the residential gateway went away and got replaced with a modem. My tplink router won't allow me to specify a device on the LAN as the DNS server. It also doesn't have any capability to set up a subnet. As a result the pi-hole is out of business.

I discovered that the modem has two ethernet ports on it. I have hardened my pi-hole, changed the default ssh port, and set up a firewall to ONLY talk to the public IP address of the other port on the modem. (IP address resolved via dynamic DNS available through tplink.) I also verified that the pi-hole was completely functional on my LAN by manually setting the DNS server setting on one of my machines.

So, here's the rub. I can connect to the box via ssh (on the non-standard port.) I can see the pi-hole administration page (port 80.) I cannot get a response from the box on port 53 on tcp or udp. So, my question is, is sonic filtering inbound traffic on port 53?

I know I could resolve this by moving the pi-hole inside my router and setting it up as the DHCP server, but I lose some router functions by doing that, and I'm resisting. :)

Thanks!
Duane
by msiegen » Fri Aug 26, 2022 9:32 am
I was curious so I just tested this, and no, Sonic is not blocking inbound DNS. I can receive traffic on port 53 both from the other ONT port and from the outside internet.

If you do get this working, make sure you have a plan for how to update the tplink's config when the pi-hole's IP changes. Otherwise your DNS requests will go to another customer, who will most certainly just drop them, but in theory could also log your activity.
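The two posts above boil down to one check: does the host at the address your router points to answer DNS on port 53 over both UDP and TCP, and is the thing answering really a DNS responder rather than just an open port? The following Python script is an added example, not code from this thread, from Pi-hole or from Sonic. It hand-builds a query, sends it over both transports, and only reports "reachable" when a reply with the matching transaction ID and the QR bit set comes back; it also exposes the RCODE so you can tell a working resolver (NOERROR) from one that is up but not serving your zone. The query name `example.com`, the loopback stand-in resolver used so the script runs offline, and the assumption that nothing listens on loopback port 1 are all constructed for this example. Against a real pi-hole you would run `probe_udp("<pi-hole public IP>", 53)` from outside the LAN.

```python
import secrets
import socket
import struct
import threading

def build_query(name, qtype=1):
    """Hand-built wire-format query (class IN, RD=1). Returns (packet, txid)."""
    txid = secrets.randbits(16)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # ID, flags, counts
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1), txid

def parse_header(reply, txid):
    """Verify the reply belongs to our query and came from a DNS responder."""
    if len(reply) < 12:
        raise ValueError("reply shorter than a DNS header")
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != txid:
        raise ValueError("transaction ID mismatch: not a reply to our query")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: that was a query, not an answer")
    return {"rcode": flags & 0x000F, "answers": an, "truncated": bool(flags & 0x0200)}

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ValueError("connection closed mid-message")
        buf += chunk
    return buf

def probe_udp(host, port=53, name="example.com", timeout=2.0):
    """One query over UDP; reachable only if a well-formed matching reply arrives."""
    query, txid = build_query(name)
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(query, (host, port))
            reply, _ = s.recvfrom(4096)
        return {"reachable": True, **parse_header(reply, txid)}
    except (OSError, ValueError) as e:  # timeout, ICMP unreachable, bad reply
        return {"reachable": False, "reason": str(e) or type(e).__name__}

def probe_tcp(host, port=53, name="example.com", timeout=2.0):
    """Same over TCP, where each DNS message carries a 2-byte length prefix."""
    query, txid = build_query(name)
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            s.sendall(struct.pack("!H", len(query)) + query)
            reply = _recv_exact(s, struct.unpack("!H", _recv_exact(s, 2))[0])
        return {"reachable": True, **parse_header(reply, txid)}
    except (OSError, ValueError) as e:  # refused, timeout, bad reply
        return {"reachable": False, "reason": str(e) or type(e).__name__}

def start_fake_resolver(rcode=0):
    """Constructed loopback stand-in for a resolver (offline demo only): answers
    every query with the given RCODE and no records. Returns (udp_port, tcp_port)."""
    def respond(query):
        txid, flags, qd = struct.unpack("!HHH", query[:6])
        # QR=1, RD copied, RA=1, chosen RCODE; echo the question section back
        flags = 0x8080 | (flags & 0x0100) | rcode
        return struct.pack("!HHHHHH", txid, flags, qd, 0, 0, 0) + query[12:]
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.bind(("127.0.0.1", 0))
    tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tcp.bind(("127.0.0.1", 0))
    tcp.listen()
    def udp_loop():
        while True:
            data, addr = udp.recvfrom(512)
            udp.sendto(respond(data), addr)
    def tcp_loop():
        while True:
            conn, _ = tcp.accept()
            with conn:
                reply = respond(_recv_exact(conn, struct.unpack("!H", _recv_exact(conn, 2))[0]))
                conn.sendall(struct.pack("!H", len(reply)) + reply)
    threading.Thread(target=udp_loop, daemon=True).start()
    threading.Thread(target=tcp_loop, daemon=True).start()
    return udp.getsockname()[1], tcp.getsockname()[1]

def self_check():
    """Probe the stand-in (NOERROR and NXDOMAIN) plus a port with no listener."""
    u_ok, t_ok = start_fake_resolver(rcode=0)
    u_nx, _ = start_fake_resolver(rcode=3)
    return {"udp_noerror": probe_udp("127.0.0.1", u_ok),
            "tcp_noerror": probe_tcp("127.0.0.1", t_ok),
            "udp_nxdomain": probe_udp("127.0.0.1", u_nx),
            "tcp_closed": probe_tcp("127.0.0.1", 1, timeout=1.0)}

if __name__ == "__main__":
    # Real use from outside the LAN: probe_udp("<pi-hole public IP>", 53)
    for label, result in self_check().items():
        print(label, result)
```

Because the probe insists on a matching transaction ID and the QR bit, a "reachable: False" result distinguishes "port filtered or nothing listening" from "something answered but it is not DNS", which is the case msiegen warns about when the dynamic-DNS address drifts to another customer's host. Running it on a schedule from outside the LAN, and alerting when the reported RCODE stops being 0, is a cheap way to notice that drift before queries quietly leak.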
by kgc » Tue Aug 30, 2022 10:50 am
Can you disable dhcpd on the tplink and run it on the pi-hole system instead?
Kelsey Cummings
System Architect, Sonic.net, Inc.
