Standard User tcbendy
(newbie) Sun 13-Mar-16 16:28:10

open dns resolver issues


I could use some help on our Windows Server 12 Essentials - we keep getting a notice from Charter that we are operating an Open DNS Resolver so I did some research and one solution is to disable recursion on the server but when we do the forwarding is also disabled which in turn doesn't allow clients in the office to access the internet or files on the server. So I re-enabled recursion and of course, everything went back to working. So I looked into disabling port 53 on the router but I can't find anything doing this. We have an Asus RT-N66R and in the DMZ I have the server IP address as listed so certain people in the office can access the router via their home computers or when on the road. If I remove this from the DMZ, then external access to the server isn't available. We have a static IP address from Charter also.

I noticed in the Forwarders section on the server that the IP address of the router is listed with the FQDN as router.asus.com, so I'm not sure why, when I disable the recursion, everyone's computer loses access to the internet if the router (which everyone is connected to) should be supplying DNS?

Another thing, in the DNS management under the properties for the server, in the "interfaces" tab, the Listen to button for "All IP Addresses" is checked. Should the radio button for the IP address for the server be selected?

I've looked through openresolverproject.org for answers or the correct setup that allows the clients to access the internet, server files, the server and be in compliance with Charter.

Thank you for all the help you can offer

Scott
Standard User Pipexer
(eat-sleep-adslguide) Sun 13-Mar-16 17:06:45

Re: open dns resolver issues


[re: tcbendy]
 
All the notice means is that people on the internet can access your DNS server to resolve queries.

The reason this is happening is because you have configured the server as the DMZ. This is a very bad idea. Port forward only the necessary ports required for external access, i.e., perhaps 443 for SSTP VPN and perhaps 3389 for remote administrative access, and whatever else you require. You should not forward all the ports to the server (which is what putting it as the DMZ does); this is exposing the server to significant hacking attempts unnecessarily. At the moment any connection attempt to your static IP is being forwarded to your server; that includes file and print sharing, and god knows what else.

It is better practice on the DNS manager tab to select only the valid interface. This is because if IPv6 becomes available the server will automatically start responding to queries on its IPv6 interface. You do not want this to happen automatically. So just select the interface you want it to start responding on.

Leave the DNS forwarder as it is, this is all fine. The "router.asus.com" is just your router trying to give itself a friendly name.

ZeN Fibre Unlimited 2

Edited by Pipexer (Sun 13-Mar-16 17:08:04)

Standard User tcbendy
(newbie) Sun 13-Mar-16 17:43:45

Re: open dns resolver issues


[re: Pipexer]
 
Thank you!
