@themainliner 

Hi,

There is no provision on the AX3000 to block external requests on port 53.

But the Archer AX3000 should not forward incoming requests on port 53 to client devices connected to its local network, unless you have activated "DMZ" for one of the clients or a client has added forwarding of port 53 via UPnP (you could check the latter via the "UPnP Client List").
 

@woozle I'm dismayed that I bought a Wi-Fi router on the strength of good reviews as it would integrated with my home automation well, only to find out that I cannot block a single port on it! What kind of inept implementation have I blundered into. I use Linux, I don't tolerate this kind of absence of control I may have to look for an alternative, hopefully i can install an open source firmware on this router and make it useful.

  @themainliner 

The idea is that when exposing a client device directly to the Internet via the "DMZ" feature, then it is the responsibility of that exposed client to shield itself against incoming threats.

And UPnP can be deactivated on the AX3000 router. (and probably should be deactivated by anyone who knows how to setup port forwarding rules manually)
 

  @woozle I haven't configured a DMZ since I'm not serving anything to the Internet at this time, I might put my website back up in the future, but currently I have no need. Am I misinterpreting you by thinking, so if I disable UPnP, I can control ports with port forwarding and triggering, effectively blocking and opening them to specific traffic? Which is exactly what I require (as unfortunately there is no DD-Wrt/Open-WRT firmware that supports the AX53).

  @themainliner 

With UPnP activated the local client devices (or more precisely the software running on them) can basically add port forwarding rules on their own to the router. 

Port forwarding rules that have been added by clients via UPnP would show up in the UPnP Client List, like illustrated in the screenshot below.

Now, if the user needed the rules "test2" and "test3" to make some legit features work inside the LAN, but wanted to get rid of rule "test1" that allows access to an internal Open DNS Resolver from the Internet, then he should deactivate UPnP and instead just add the rules "test2" and "test3" manually via the "Port Forwarding" menu.
 

Question is, do you see a entry for port 53 in the UPnP Client List of your AX3000?

  @woozle Yeah, I reviewed my router last night and uPnP is not turned on. I checked Port Forwarding and only ports 80 and 443 are being forwarded. Yeah, the router is still still operating as an ODNSR. I'm clutching at straws now, could I forward port 53 to a reserved IP with no client attached as a workaround for this?

  @themainliner 

Sure, you can forward port 53 to an unused IP address.

But I don't understand why the problem is happening in the first place? With DMZ and UPnP not in use incoming requests on port 53 can't end up on one of your client devices.

Have you already examined what online port checkers (for example portchecker.co) say about port 53 ?

  @themainliner 

Perhaps someone from TP-Link should join this conversation for further investigation. @Marvin_S

By the way, the firewall of the Archer AX53 (menu Advanced -> Security -> Firewall, option "SPI Firewall") is switched ON, right?

  @themainliner Yep!

Comments @Marvin_S?