DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Vigor 2820 and BT Infinity DNS issue
- andrewc
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 31
- Thank you received: 0
09 Feb 2018 17:03 #90680
by andrewc
Replied by andrewc on topic Re: Vigor 2820 and BT Infinity DNS issue
Even more interesting is it has apparently been working OK all day... So we may be on to something with the UDP.
(I know, that's the Kiss of Death for all IT issues when we say that!)
(I know, that's the Kiss of Death for all IT issues when we say that!)
Please Log in or Create an account to join the conversation.
- andrewc
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 31
- Thank you received: 0
11 Feb 2018 11:41 #90692
by andrewc
Replied by andrewc on topic Re: Vigor 2820 and BT Infinity DNS issue
>Postby admin3 » Thu Feb 08, 2018 4:08 pm
>Please check [Firewall] > [DoS Defense] and if UDP Flood Defense is enabled, try disabling that to see if it helps with your issue.
admin3 you are a Life Saver! I unchecked the box on Thursday night having read your post. For the first time in 4 months we have run for two days without the issue recurring.
Please share with us your thinking on this one and I'll also pass it back to the guys at my end and the BT Techie who have been helping us to try and sort it.
Does BT network use UDP in some way that affects the Draytek?
>Please check [Firewall] > [DoS Defense] and if UDP Flood Defense is enabled, try disabling that to see if it helps with your issue.
admin3 you are a Life Saver! I unchecked the box on Thursday night having read your post. For the first time in 4 months we have run for two days without the issue recurring.
Please share with us your thinking on this one and I'll also pass it back to the guys at my end and the BT Techie who have been helping us to try and sort it.
Does BT network use UDP in some way that affects the Draytek?
Please Log in or Create an account to join the conversation.
- hornbyp
- Offline
- Big Contributor
Less
More
- Posts: 1323
- Thank you received: 0
11 Feb 2018 12:28 #90693
by hornbyp
Replied by hornbyp on topic Re: Vigor 2820 and BT Infinity DNS issue
Rather than disabling it completely, you should be able to alter the "Threshold" to a point where you no longer get false positives.
Please Log in or Create an account to join the conversation.
- andrewc
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 31
- Thank you received: 0
11 Feb 2018 12:39 #90694
by andrewc
Replied by andrewc on topic Re: Vigor 2820 and BT Infinity DNS issue
hornbyp
Good point. It was set at the defaults (150 and 10 from memory) but I'd like to understand what is actually triggering the issue before I try to make any further changes.
Good point. It was set at the defaults (150 and 10 from memory) but I'd like to understand what is actually triggering the issue before I try to make any further changes.
Please Log in or Create an account to join the conversation.
- admin3
- Offline
- Site Admin
Less
More
- Posts: 604
- Thank you received: 0
12 Feb 2018 09:37 #90701
by admin3
The default value on new routers is now 2000 packets with a timeout of 10 seconds. The way that UDP traffic, and especially DNS are used now is quite different from when the Vigor 2820 was made (around 2009).
Now that browsers like Chrome use QUIC (Quick UDP Internet Connections) for data transfer on places like Youtube, the DoS Defense method of simply blocking an IP if it sends/receives too many UDP packets isn't so useful, and can unfortunately cause false positives if it's set too low, as you've seen.
Personally I recommend simply disabling and not using UDP Flood Defense, I don't think it's a useful DoS detection method in 2018.
Forum Administrator
Replied by admin3 on topic Re: Vigor 2820 and BT Infinity DNS issue
hornbypandrewc wrote:
Good point. It was set at the defaults (150 and 10 from memory) but I'd like to understand what is actually triggering the issue before I try to make any further changes.
The default value on new routers is now 2000 packets with a timeout of 10 seconds. The way that UDP traffic, and especially DNS are used now is quite different from when the Vigor 2820 was made (around 2009).
Now that browsers like Chrome use QUIC (Quick UDP Internet Connections) for data transfer on places like Youtube, the DoS Defense method of simply blocking an IP if it sends/receives too many UDP packets isn't so useful, and can unfortunately cause false positives if it's set too low, as you've seen.
Personally I recommend simply disabling and not using UDP Flood Defense, I don't think it's a useful DoS detection method in 2018.
Forum Administrator
Please Log in or Create an account to join the conversation.
- andrewc
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 31
- Thank you received: 0
12 Feb 2018 10:22 #90702
by andrewc
Replied by andrewc on topic Re: Vigor 2820 and BT Infinity DNS issue
admin3
Many thanks for that clarification. I just checked another site I have that uses a 2860 on BT Infinity and it is indeed running fine with UDP set at 2000 packets in 10 secs.
Also thanks to everyone else on here who took time to help me address this issue which has foxed us for 4 months! A result.
Many thanks for that clarification. I just checked another site I have that uses a 2860 on BT Infinity and it is indeed running fine with UDP set at 2000 packets in 10 secs.
Also thanks to everyone else on here who took time to help me address this issue which has foxed us for 4 months! A result.
Please Log in or Create an account to join the conversation.
Moderators: Chris, Sami
Copyright © 2024 DrayTek