open recursive DNS server

Hi,

I have just received an email from Zen Abuse saying that I have an "open recursive DNS server" running and it may be able to contribute to a DDoS attack.

Within the network we do run BIND but only for DNS caching services - no DNS records are hosted and it's not accessible from outside the network. BIND also has custom zones so that www.mydomain.com redirects to 192.168.2.x rather than an external IP.

BIND has the Zen DNS servers as forwarders. Our router blocks any incoming requests so it's not like anyone can use our internal BIND server if they're not within the network.

As far as I can see it's not actually a risk, am I right? Is there anything I can do to stop it being an open recursive DNS server?

thanks
 
OK, thanks for that, so at the moment in my named.conf.local I have:
Code:
        allow-query {
                192.168.2/24;
                127/8;
                };

This should allow only internal clients to query it? (192.168.2.0 - 192.168.2.255, and localhost).

Where should the "allow recursion" part go? Also, are there any websites which will check it for me (if I give the IP it checks for security)?
thanks
 
errata said:
I received the same ZEN message yesterday. I don't knowingly have a DNS server running on the one or 2 PC devices routinely on my LAN, my ADSL router is on full security settings and antivirus etc. software is also running.

I wonder if there is a teething problem with whatever utility ZEN are using to check or do I have an unknown vulnerability.


Any suggestions for further checks I could make?

Ah, interesting, that'd make sense seeing as I have been running my current setup for 6 months with no problem.
 
tolien said:
Some folks seem to be getting them from router DNS proxies, as a result of screwups with firmware and dodgy configuration.
There's a thread on ADSLguide about it.

For what (little) it's worth, I haven't had one, and am running both caching and secondary DNS services.

Ah, thanks
ADSLG user said:
Zyxel Prestige 661H

Same router here, hopefully firmware upgrade will fix it.

-- For anyone else with this problem, see http://www.dslreports.com/forum/remark,15793362
I just followed it and now it's fixed according to http://security.zensupport.co.uk/recdns/
 