DNS problems with Netgear FVS equipment

A follow-up on the recent DNS-related stuff:

I figured out today that my router had a hand in those weird random connection problems. What made me especially nervous was the almost systematic way that DNS and other random UDP packets vanished from the ‘net during browsing or testing with various tools. The requests were shown to be sent in both the Wireshark protocols and the router packet capture, but an answer never arrived. As it turns out, Enterprise-class devices have their firewall preconfigured to block UDP flood from inside the local network.

The definition of “flood” used here is:

“20 simultaneous, active UDP connections from a single computer on the LAN”

http://documentation.netgear.com/fvs336g/enu/202-10257-01/FVS336G_RM-06-09.html

Now, somehow my setup managed to step over that line, and from what I gather on the ‘net I am not the only one experiencing this. Sometimes the system will run clean for a few days, then bug in increasing frequency until I get fed up with it and kill the whole DNS process plus cache. Apparently, this fixes the problem for some time as a good reset almost always does, but it is no permanent solution.

To debug, first turn on the attack-related logging functions in the router and clear the logs. Then call up “nslookup” on Windows based systems and fire some random URL DNS requests in fast sequence. In my case, after four requests the firewall kicks in and UDP flood warnings appear in the log. Maybe Windows 7 just leaves the ports open a little too long, I don’t know and I haven’t checked. However, since this feature has been turned off in the firewall settings I had no further DNS problems, and the speed of browsing has increased a little.  Hopefully that was all there was to it.

Another point of interest: Some Netgear devices have developed a habit of kicking lots of NBSTAT-packets on the LAN, one about every 5 seconds or so. Seems to belong to some type of NETBIOS detection mechanism, though the sense escapes me. The packets are of unicast-type and therefore disrupt everything one could possibly have in the way of wake-on-unicast, which linux supports to wakeup devices from standby if they are talked to directly. NETBIOS features are nowhere to be found in the configuration menu, so I guess at some point the checkbox for that must have gotten mislabeled. The one responsible is “ARP broadcast” found with the LAN settings. Turning it off quiets things down a lot.

But: You lose the capability to show unknown devices in the LAN clients list for simple management of DHCP fixed leases. You can still turn on ARP for a few minutes if you need to detect anything, though.