
Open resolvers issue SOLVED, + online checkers



Fli
07-22-2014, 09:40 PM
I got a report from the datacenter that "You appear to be running an open recursive resolver at MYSERVERIP"

This is bad, because it can be used to amplify denial of service attacks and for some other things.

How to disable this? I got a hint to block incoming connections to UDP port 53 (named/bind), so one can just use an iptables generator to generate a rule like:


iptables -A INPUT -m udp -p udp --sport 53 -j DROP

After I executed it and then ran the iptables-save command, http://openresolver.com/ still tells me:

Open recursive resolver detected on myserverip

IP address myserverip is vulnerable to DNS Amplification attacks.

Another idea was to edit named/bind configuration file.

I found "named.caching-nameserver.conf" in the /etc directory and I was told I can add:


allow-recursion { none; };
recursion no;

into


options {
};

section in that file

... or just add:


allow-recursion { 127.0.0.1; };

In my case it worked when I added the allow-recursion line (marked below) into the /etc/named.caching-nameserver.conf file (your named/bind conf file may be named differently):


view localhost_resolver {
    match-clients { localhost; };
    match-destinations { localhost; };
    recursion yes;
    allow-recursion { 127.0.0.1; };   // the added line
    include "/etc/named.rfc1912.zones";
};


Then no named restart was needed, and http://openresolver.com/ started detecting this:


Recursive resolver is not detected on myserveriphere

IP address myserveriphere is not vulnerable to DNS Amplification attacks.

The list of open DNS resolver checkers:

http://openresolver.com/
http://security.zensupport.co.uk/
http://openresolverproject.org/
http://dns.measurement-factory.com/cgi-bin/openresolvercheck.pl/
dig +short amiopen.openresolvers.org TXT

Does anyone have ideas on how to solve this issue?
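The online checkers listed above (and the dig TXT query) all do the same thing: send a query with the RD bit set and look at whether the server recursed on the client's behalf. The following Python script is an added example, not part of the original post, that reproduces that self-check against your own server's IP: classify_response() decides from the reply's header flags (RA bit, RCODE, answer count), and probe() sends one such query. The two sample replies are constructed for the example, with 192.0.2.1 as a documentation address.

```python
import socket
import struct

RA_FLAG = 0x0080     # "recursion available" bit in the DNS header flags
RCODE_REFUSED = 5    # what BIND returns for a client outside allow-recursion

def build_query(qname, txid=0x1234):
    """Build a minimal A query for qname with RD (recursion desired) set."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = qname.rstrip(".").split(".")
    question = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return header + question + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(resp, txid=0x1234):
    """'open' if the server recursed for us (RA set, NOERROR, an answer),
    'closed' if it refused or returned nothing, 'invalid' if not a reply to us."""
    if len(resp) < 12:
        return "invalid"
    rid, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", resp[:12])
    if rid != txid or not flags & 0x8000:   # wrong id or QR bit not set
        return "invalid"
    rcode = flags & 0x000F
    if rcode == RCODE_REFUSED:
        return "closed"
    if flags & RA_FLAG and rcode == 0 and an > 0:
        return "open"
    return "closed"

def probe(server, qname="example.com", timeout=3.0):
    """Send one recursive query to server:53 (your own server) and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(qname), (server, 53))
        try:
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return "no-response"   # e.g. UDP/53 is dropped by a firewall rule
    return classify_response(data)

# Constructed sample replies for the example (not captured from a real server).
QUESTION = b"\x07example\x03com\x00" + b"\x00\x01\x00\x01"
OPEN_RESPONSE = (struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + QUESTION
                 + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1]))
REFUSED_RESPONSE = struct.pack(">HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0) + QUESTION

if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1]))   # e.g. python3 checkresolver.py MYSERVERIP
```

A "closed" result after adding allow-recursion, or "no-response" after a firewall rule, is what the online checkers report as "not vulnerable".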