I've been experiencing Open DNS Resolver attacks and would like to ensure my UTM isn't acting as an open resolver. I've tested through following means
- dig +short test.openresolver.com TXT MYIP
- Running this from outside the network returns ;; connection timed out; no servers could be reached
- This is because only open dns IP addresses are allowed through port 53.
- Running this from outside the network returns ;; connection timed out; no servers could be reached
- nmap -sU -p 53 -sV -P0 --script "dns-recursion" UTMInternalIP
PORT STATE SERVICE VERSION
53/udp open domain NetWare dnsd
|_dns-recursion: Recursion appears to be enabled
-
- So this test tells me recursion is enabled.
- Searched http://openresolverproject.org/ and found my IP address is listed as open resolver.
So at this point, I pretty much believe the UTM is acting as an open resolver. I'd like to find out how to disable recursion on my UTM as I am not able to find named.conf or /etc/bind/named.conf.
Thanks.
This thread was automatically locked due to age.
