I've been experiencing Open DNS Resolver attacks and would like to ensure my UTM isn't acting as an open resolver. I've tested through following means dig +short test.openresolver.com TXT MYIP Running this from outside the network returns ;; connection timed out; no servers could be reached This is because only open dns IP addresses are allowed through port 53. nmap -sU -p 53 -sV -P0 --script "dns-recursion" UTMInternalIP PORT STATE SERVICE VERSION 53/udp open domain NetWare dnsd |_dns-recursion: Recursion appears to be enabled So this test tells me recursion is enabled. Searched http://openresolverproject.org/ and found my IP address is listed as open resolver. So at this point, I pretty much believe the UTM is acting as an open resolver. I'd like to find out how to disable recursion on my UTM as I am not able to find named.conf or /etc/bind/named.conf. Thanks.

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Open Resolver Check

I've been experiencing Open DNS Resolver attacks and would like to ensure my UTM isn't acting as an open resolver. I've tested through following means

dig +short test.openresolver.com TXT MYIP
- Running this from outside the network returns ;; connection timed out; no servers could be reached
  - This is because only open dns IP addresses are allowed through port 53.
nmap -sU -p 53 -sV -P0 --script "dns-recursion" UTMInternalIP

PORT STATE SERVICE VERSION
53/udp open domain NetWare dnsd
|_dns-recursion: Recursion appears to be enabled

- So this test tells me recursion is enabled.
Searched http://openresolverproject.org/ and found my IP address is listed as open resolver.

So at this point, I pretty much believe the UTM is acting as an open resolver. I'd like to find out how to disable recursion on my UTM as I am not able to find named.conf or /etc/bind/named.conf.

Thanks.

This thread was automatically locked due to age.

0 Billybob over 8 years ago

The bind configuration files are found in
/var/chroot-bind/etc
directory. The files you want to edit are named.conf and named.conf-default.

Recursion has been enabled in the UTM ever since I can remember. Are you are only listening to your LAN hosts? Unless you have ANY/ External address etc under network services->DNS-> Allowed networks then you would not fail open resolver test.

You don't need to open port 53 to allow open dns??? A little confused on this point. Stateful firewalls don't need ports opened in both directions, besides DNS forwarder section is used for what you are trying to do. Just use Open DNS as your forwarder in the settings network services->DNS->Forwarders and remove all port 53 firewall rules.

Follow this guide.

www.astaro.org/.../27989-solved-dns-best-practice.html if you have any other questions.

Keep in mind, ANY changes you make void your support, also most of these files are overwritten anytime they upgrade those daemons via up2date.
Cancel
Vote Up 0 Vote Down

Cancel
0 QasimIjaz over 8 years ago in reply to Billybob

Thanks for the reply Billybob. I will go ahead and remove port 53 rules since I am already using OpenDNS as my forwarder. I only have local networks under Allowed Networks.
Cancel
Vote Up 0 Vote Down

Cancel
0 twister5800 over 8 years ago

What does this site tell you?

www.thinkbroadband.com/.../dnscheck.html

-----

Best regards
Martin

Sophos XGS 2100 @ Home | Sophos v20 Technician
Cancel
Vote Up 0 Vote Down

Cancel