homepage Welcome to WebmasterWorld Guest from 54.167.249.155
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / WebmasterWorld / Domain Names
Forum Library, Charter, Moderators: buckworks & webwork

Domain Names Forum

    
Report: Open DNS Resolvers Increasingly Used To Amplify DDoS Attacks
engine




msg:4513455
 5:46 pm on Oct 29, 2012 (gmt 0)

Open and misconfigured DNS (Domain Name System) resolvers are increasingly used to amplify distributed denial-of-service (DDoS) attacks, according to a report released Wednesday by HostExploit, an organisation that tracks Internet hosts involved in cybercriminal activities.That's because, according to HostExploit, incorrectly configured open DNS resolvers - servers that can be used by anyone to resolve domain names to IP addresses - are increasingly abused to launch powerful DDoS attacks.Report: Open DNS Resolvers Increasingly Used To Amplify DDoS Attacks [news.techworld.com]
"It should be stressed open recursive nameservers are not a problem in themselves; it is the mis-configuration of a nameserver where the potential problem lays," HostExploit said in its report.

 

techrealm




msg:4513717
 10:47 am on Oct 30, 2012 (gmt 0)

With the OpenDns logo on this, I was unable to determine from the article mentioned that their servers contributed to these issues. As a OpenDns supporter and client am I missing something?

phranque




msg:4513728
 11:04 am on Oct 30, 2012 (gmt 0)

where is the logo?
that is an unfortunately-named brand!

however the story is about "open (lower case 'o') DNS resolvers"

open DNS resolvers are those which allow external requests for recursive domain name resolution.

you can test for open DNS recursion using the dig command:
dig @NAMESERVER.DNSPROVIDER.COM example.com
where NAMESERVER.DNSPROVIDER.COM is the DNS being tested such and example.com is a domain NOT using that nameserver.

phranque




msg:4513729
 11:08 am on Oct 30, 2012 (gmt 0)

btw this isn't something you can fix in the zone file - it's in the DNS (probably BIND) configuration.
in most cases this means you have to change your DNS provider to "fix it".

techrealm




msg:4513734
 11:42 am on Oct 30, 2012 (gmt 0)

The logo was on the WebmasterWorld home page highlighted features section. It was in the Domain Names section but I may have been in "hiding" so long I might not be aware if there are advertisements now tagged there.

phranque




msg:4513738
 12:04 pm on Oct 30, 2012 (gmt 0)

i didn't look on the home page before - that error should be resolved soon.

gpmgroup




msg:4514181
 2:13 pm on Oct 31, 2012 (gmt 0)

There doesn't seem to be a way on older servers to split/zone internal and external requests for recursive domain name resolution. The only solutions seem to be run internal and external requests on separate servers or upgrade the software.

phranque




msg:4514205
 3:03 pm on Oct 31, 2012 (gmt 0)

you simply disable external requests for recursive resolution.
what type of server?

gpmgroup




msg:4514221
 3:44 pm on Oct 31, 2012 (gmt 0)

you simply disable external requests for recursive resolution
That depends on what you class as "external", a local network is "external" to a server, however it may still need recursive resolution whereas you wouldn't want to allow recursive resolution to the "external" outside world.

Newer DNS servers solve this easily by allowing different configurations for different "zones"

phranque




msg:4514429
 11:53 pm on Oct 31, 2012 (gmt 0)

in that case, shut down port 53 at the firewall and allow "external" requests.

gpmgroup




msg:4514436
 12:14 am on Nov 1, 2012 (gmt 0)

A firewall is way too crude. It isn't capable of understanding if the request is for a non problematic authoritative answer as opposed to a recursive request.

phranque




msg:4514477
 2:49 am on Nov 1, 2012 (gmt 0)

maybe i misunderstood you - to me, "external" request means "external to the authority of that DNS", not "external to the network".

perhaps you need to disable recursion but configure a forwarder to handle "external" requests.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Domain Names
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved