ISP talking to port 53?

[sposes]

I have since been researching dns to beter understand the comunications between my router and my isp. I also dont want this to become any sort of heated discussion, not to say that is what is hapening or not. I greatly apreciate all the advice and insight given and I will continue on my learning curve.

[thehorse13]

I think you misread my post.

There is nothing to misread about this:

If you suspect that it is some kinda communication from your ISP, make a rule for your firewall (software) to block both TCP 53 and UDP 53 both incoming/outgoing for all hosts.

This makes about as much sense as telling someone to take the tires off their car because it won’t start. However, according to someone with your logic this makes sense because you then tell the poor guy to do this right after you told him to block all:

forward TCP port 53 and UDP port 53 to your private IP address. then start up the packet sniffer and you will be able to see exactly what is going on on those ports.

this is what I would have done, found that I could no longer browse sites by hostname and un-done the rule.

If this is what you would have done then it’s painfully obvious that you have no understanding of the proper way to troubleshoot networking issues. The guy isn’t asking you to participate in a lab experiment; he needs help with his primary internet connection.

you will live a boring life if you are afraid to take small risks like this.

Why don’t you live dangerously and take the risk with your own equipment instead of “learning” at the expense of others?

instead of overwhelming someone with techie words, try a little trial and error. this is HOW you learn.

ROFLMFAO. Are you kidding me? Techie words? Information Technology, hmmmmm… How the hell do you expect to solve the problem unless you completely understand all the technical aspects involved? Also, thank you for explaining how to learn. What would I do without this profound enlightenment?

if he had of done this he would have found that 53 is an essential port. so would have I. I would have un-done the rule and everything would have been fine and dandy again…

Why would you tell him to do things when you don’t understand the impact of the action? This is not only reckless, it’s a shitty thing to do to others.

Bottom line:

*You don’t understand networking.
*Not only do you have no business responding to this post, but as a member of this community, you have the responsibility to NOT make things worse by telling a person to try something out when you don’t understand the impact of the action. If you can’t help yourself and you must post, at least tell the guy that you have no idea what will happen. At least this way he can ignore you.
*Your argument only makes you look more retarded.
*You gave bad advice – period.

I’m done.

[IKnowNot]

LMFAO
Almost as entertaining as today's Handler's Diary

Needless to say, Mr. Vendor (and his boss) got a quick phone call from me, wherein I pointed out my belief that some village somewhere must be missing its idiot.
Don't follow in his footsteps. Your village needs you...

----------------------

since I changed ISP that my routers WAN light goes crazy and does not stop.

You didn't say what type connection you had or have now. Guessing broadband.

With my broadband, my receive light on the cable modem does not stop blinking.
Just haven't gotten around to taping it over yet

Not all the traffic coming into the modem is meant for me, but broadcasts, scans, normal traffic, etc. on the subnet I am on. And yes, some of the scans are directed at me, but my perimeter firewall blocks them. ( you have a perimeter firewall on that router? )

A few times my personal firewall alerted me to an incomeing conection from my isp to port 53.

What firewall? You said personal firewall so it is not the one on the router, but on the client? ( inside the LAN ).
I've seen ZA do this, even though it was configured with the DNS server as trusted, ( go figure ); it was actually a response the client initiated.

Since you are doing research on this, maybe you could tell me this:
How is your ISP ( their DNS server ) sending your client machine these packets when it is behind a router if it was unsolicited? ( I'm assuming two things here, one that your client has a private IP address, and two that your are not using Ipv6. )

[sposes]

Problem was solved today around 3PM EST (GMT -05:00) when I phoned my previous ISP and asked them to reactivate my account which was on hold for 6 months while I try the new ISP.

The guess was corect about it being brodband, I should have stated in my post. Now back with previous ISP My WAN light is now constant unless Im useing the internet or some other activite is trying to get through, just the way I like it. Haveing a WAN light blinking 24/7 drives me nuts when Im trying to sleep.


As for those DNS connections, they semed to be legit DNS trafic but when I setup a sniffer finaly able to capture the mysterious activity it seemd to be comunications between my router and ISPSD cisco router, determined that by finding a ports list. The ports the high activity was ocureing on were used by cisco routers.

EDIT: It was the loss of connection 50 times in three weeks that made me terminate services with the ISP and go back to other. I wish we (Tonronto) had more then two internet providers, monopoly, well actualy there is four for my area but the other two have rahter expensive startups, but does seem cheaper in long run.