Enabling DMZ Breaks DNS
ptr727
Enthusiast - Level 2

When I enable DMZ in the router, the DNS server/relay stops working.

Verizon FiOS: 75/35
Firmware Version: 40.20.7
Model Name: MI424WR-GEN3I
Hardware Version: I

DMZ disabled:

>nslookup www.microsoft.com
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Non-authoritative answer:
Name: lb1.www.ms.akadns.net
Address: 64.4.11.42
Aliases: www.microsoft.com
toggle.www.ms.akadns.net
g.www.ms.akadns.net

DMZ enabled: 192.168.1.24

>nslookup www.microsoft.com
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to Wireless_Broadband_Router.home timed-out

Totally reproducible, clear DMZ checkbox and save, and DNS works, check checkbox and save, and DNS stops working, repeat.

 

There is nothing interesting in the logs.

Any ideas?

P.

Re: Enabling DMZ Breaks DNS
dslr595148
Community Leader

#1 I saw your other thread about this issue.

At first you said a firmware upgrade fixed the issue but then you changed your mind.

#2 While I know you have FIOS Internet, do you have FIOS TV?

#3 As addressed on https://www.grc.com/dns/spoof-faq.htm


..Very few small office home office (SOHO) routers make good DNS resolvers. Mostly they just get in the way and add no value whatsoever. They don't cache, they don't accelerate, they merely catch and forward DNS requests from inside the network to the public Internet. They're just in the way...



Re: Enabling DMZ Breaks DNS
ptr727
Enthusiast - Level 2

Yes, that is my thread:

http://www.dslreports.com/forum/r28472239-DMZ-Breaks-DNS

After the firmware update the router rebooted, then DNS worked, but soon died again.

So the firmware update did not resolve the problem.

After every reboot DNS works a bit, and then dies.

I have triple play: internet, TV, and phone.

I am not concerned about the quality of the Verizon DNS servers, nor that the router is a simple forwarder, I just want it to always resolve DNS addresses, regardless of the DMZ configuration.

P.

Re: Enabling DMZ Breaks DNS
dslr595148
Community Leader

Ok.

#1 I saw in your DSLR profile that you are using Windows 2008 Server x64 as your DHCP and DNS Server.

Did you do that because you are trying to work around the issue OR you like that setup?

#2 Do you have a second RJ-45 WAN port router:

a) As a spare router?

b) That does not have this issue

Re: Enabling DMZ Breaks DNS
ptr727
Enthusiast - Level 2

I provided all pertinent information in this thread; sleuthing information from my public profiles on other forums is interesting, but not relevant 🙂

I am using the DNS server and DHCP server on the Verizon router.

Enabling DMZ on the Verizon router breaks DNS on the Verizon router.

 

That is what I would like to fix.

P.

Re: Enabling DMZ Breaks DNS
dslr595148
Community Leader

I have been thinking about the issue.

If I were you, I would either:

a) Follow http://www.dslreports.com/faq/16858

b) OR continue to do what you are doing, based upon your DSLR profile (A computer behind the router is handling both DHCP and DNS).

Re: Enabling DMZ Breaks DNS
ptr727
Enthusiast - Level 2

I could use a different DNS server, but I really shouldn't have to.

Maybe somebody can just test it out, set up a DMZ, and see if DNS works.

I'd like to know if it is my router, or a problem with this model + firmware?

P.

Re: Enabling DMZ Breaks DNS
dslr595148
Community Leader

Considering that using the DMZ is more dangerous than using port forwarding, why would....

#1 Anyone want to try this test?

#2 Verizon want to fix this issue?

Re: Enabling DMZ Breaks DNS
ptr727
Enthusiast - Level 2

DMZ is a solution to special situations, it is only dangerous if you don't know what you are doing.

E.g. in order to use a different router, you have to set the DMZ to point to the second router that is behind the Verizon router.

If it is broken, Verizon should fix it, because it is broken, or remove the feature.

But, since the feature is there, and it worked in my previous Verizon router, I expect it to still work.

At this point the replies have only told me to not use the DMZ or that I don't need to use the DNS server.

Those replies were not of use to me as they did not offer a solution that let me use DMZ and DNS at the same time.

I really just ask that:

1) Somebody verifies that the feature is broken, on other similar routers, and it is not just my router that is broken.

2) Somebody shows me how to configure and use the DMZ while not breaking DNS, on this router.

3) Verizon chimes in with a solution.

P.

Re: Enabling DMZ Breaks DNS
dslr595148
Community Leader

@ptr727 wrote:
E.g. in order to use a different router, you have to set the DMZ to point to the second router that is behind the Verizon router.

Ok, then this is what I would do.

#1 In the second router, I would set up a Static WAN IP within the same Subnet as the primary router with the DNS Servers defined that you want to use.

For example..

a) Primary router's LAN IP 192.168.1.1 and subnet mask 255.255.255.0

b) Second router's LAN IP 192.168.2.1 and subnet mask 255.255.255.0

c) Second router's WAN Static IP Settings..

IP 192.168.1.2

Subnet Mask: 255.255.255.0

Default Gateway: 192.168.1.1

DNS #1: 208.67.222.222

DNS #2: 208.67.220.220

 

#2 In the primary router, DMZ to the WAN IP of the second router.

 

#3 No other computers are connected to the primary router but the second router, all of the other computers are behind the secondary router.

0 Likes
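The addressing plan in the last reply can be sanity-checked before it is entered into either router. The Python below is an added example, not something posted in the thread; the function name `check_plan`, its parameters and the `THREAD_PLAN` dictionary are hypothetical, and the sample values are the ones given in that reply.

```python
import ipaddress

def check_plan(primary_lan, secondary_lan, secondary_wan, gateway,
               dmz_host, dns_servers):
    """Return a list of problems in a router-behind-router plan ([] = OK).

    The *_lan / *_wan arguments are "address/netmask" strings.
    """
    p_lan = ipaddress.ip_interface(primary_lan)
    s_lan = ipaddress.ip_interface(secondary_lan)
    s_wan = ipaddress.ip_interface(secondary_wan)
    net = p_lan.network
    problems = []

    # Step 1: the second router's WAN side lives on the primary router's LAN.
    if s_wan.network != net:
        problems.append("second router WAN address/mask does not match the primary LAN subnet")
    if s_wan.ip in (p_lan.ip, net.network_address, net.broadcast_address):
        problems.append("second router WAN IP is not a usable host address")
    if ipaddress.ip_address(gateway) != p_lan.ip:
        problems.append("default gateway is not the primary router's LAN IP")

    # Step 2: the DMZ entry must name the second router, nothing else,
    # because every unsolicited inbound connection is sent to that host.
    if ipaddress.ip_address(dmz_host) != s_wan.ip:
        problems.append("DMZ host is not the second router's WAN IP")

    # The two LANs must differ or the second router cannot route between them.
    if s_lan.network.overlaps(net):
        problems.append("second router LAN overlaps the primary LAN")

    # Pointing DNS at the primary router would reuse the forwarder that
    # times out in this thread once DMZ is enabled.
    for dns in dns_servers:
        if ipaddress.ip_address(dns) == p_lan.ip:
            problems.append(f"DNS server {dns} is the primary router's forwarder")
    return problems

# Values taken from the reply above.
THREAD_PLAN = dict(
    primary_lan="192.168.1.1/255.255.255.0",
    secondary_lan="192.168.2.1/255.255.255.0",
    secondary_wan="192.168.1.2/255.255.255.0",
    gateway="192.168.1.1",
    dmz_host="192.168.1.2",
    dns_servers=["208.67.222.222", "208.67.220.220"],
)

if __name__ == "__main__":
    print(check_plan(**THREAD_PLAN) or "plan is consistent")
```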