I got a report from the datacenter that "You appear to be running an open recursive resolver at MYSERVERIP", so this is bad, because it can be used to amplify denial of service attacks and some other things.

How to disable this? I got some hint to disable incoming connections to the 53 UDP port (named/bind), so one just uses an iptables generator to generate a rule like:

    iptables -A INPUT -m udp -p udp --sport 53 -j DROP

After I executed it and then the iptables-save command, http://openresolver.com/ still tells me:

    Open recursive resolver detected on myserverip
    IP address myserverip is vulnerable to DNS Amplification attacks.

Another idea was to edit the named/bind configuration file. I found "named.caching-nameserver.conf" in the /etc directory and I was told I can add:

    allow-recursion {"none";};
    recursion no;

into the

    options {
    }

section in that file ... or just add:

    allow-recursion {127.0.0.1;};

In my case it worked when I added the "allow-recursion {127.0.0.1;};" line (highlighted in red in the original post) into the /etc/named.caching-nameserver.conf file (your named/bind conf file can be named another way):

    view localhost_resolver {
        match-clients { localhost; };
        match-destinations { localhost; };
        recursion yes;
        allow-recursion {127.0.0.1;};
        include "/etc/named.rfc1912.zones";
    };

Then no named restart was needed and http://openresolver.com/ started detecting this:

    Recursive resolver is not detected on myserveriphere
    IP address myserveriphere is not vulnerable to DNS Amplification attacks.

The list of open DNS resolver checkers:

http://openresolver.com/
http://security.zensupport.co.uk/
http://openresolverproject.org/
http://dns.measurement-factory.com/cgi-bin/openresolvercheck.pl/
dig +short amiopen.openresolvers.org TXT

Anyone please have ideas on how to solve this issue?
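A way to verify the fix yourself instead of relying on a third-party web checker, as an added example that is not part of the original post: a small POSIX shell script that classifies a server as an open recursive resolver from the output of a plain `dig @SERVER NAME A` query. The server addresses and the two embedded dig transcripts are constructed for the offline demo; the script name `open_resolver_check.sh` is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post: a defender-side check that
# classifies a DNS server as an open recursive resolver from the output of a
# plain `dig @SERVER NAME A` query (dig sets the RD bit by default). Run it
# from a host OUTSIDE the networks listed in allow-recursion; from localhost
# you only test the path you deliberately allowed. The sample dig outputs
# below are constructed; the addresses are documentation ranges, not real hosts.

# classify_resolver: read dig output on stdin, print "open", "closed" or
# "unknown". A server counts as open when it reports status NOERROR, sets the
# "ra" (recursion available) flag and returns at least one answer record for a
# name it is not authoritative for. Always exits 0 so it is safe inside $(...).
classify_resolver() {
    out=$(cat)
    status=$(printf '%s\n' "$out" | sed -n 's/^;; ->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
    flags=$(printf '%s\n' "$out" | sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p' | head -n 1)
    answers=$(printf '%s\n' "$out" | sed -n 's/^;; flags:.*ANSWER: \([0-9]*\),.*/\1/p' | head -n 1)

    if [ -z "$status" ]; then
        echo unknown        # no DNS header: timeout, filtered port, or not a dig transcript
        return 0
    fi
    ra=0
    case " $flags " in
        *" ra "*) ra=1 ;;   # "ra" present: the server offers recursion to this client
    esac
    if [ "$status" = NOERROR ] && [ "$ra" -eq 1 ] && [ "${answers:-0}" -gt 0 ]; then
        echo open
    else
        echo closed         # REFUSED, or answered without "ra" (BIND then prints
                            # "WARNING: recursion requested but not available")
    fi
    return 0
}

# Constructed sample: what an open resolver answers (recursion granted, answer present).
SAMPLE_OPEN='; <<>> DiG 9.16.1 <<>> @198.51.100.10 example.com A
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
example.com.            3600    IN      A       192.0.2.1'

# Constructed sample: the same query after allow-recursion excludes the client.
SAMPLE_CLOSED='; <<>> DiG 9.16.1 <<>> @198.51.100.10 example.com A
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4243
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'

# Live check, only when a server address is given and dig is installed:
#   sh open_resolver_check.sh 198.51.100.10
if [ "$#" -ge 1 ] && command -v dig >/dev/null 2>&1; then
    dig +time=3 +tries=1 "@$1" example.com A | classify_resolver
else
    printf 'sample open   -> %s\n' "$(printf '%s\n' "$SAMPLE_OPEN" | classify_resolver)"
    printf 'sample closed -> %s\n' "$(printf '%s\n' "$SAMPLE_CLOSED" | classify_resolver)"
fi
```

The script only tells you whether recursion is granted to the host you run it from, which is why it has to be run from outside the trusted range: a "closed" verdict from 127.0.0.1 proves nothing when allow-recursion lists 127.0.0.1. On the configuration side, BIND's allow-recursion restricts who may ask it to recurse, and the companion allow-query-cache directive restricts who may read answers already in the cache; leaving the second one open still lets outsiders get amplified replies for cached names, so harden both.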