Welcome to WebmasterWorld Guest from 54.163.84.199

Forum Moderators: buckworks & webwork

Report: Open DNS Resolvers Increasingly Used To Amplify DDoS Attacks

   
5:46 pm on Oct 29, 2012 (gmt 0)

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



Open and misconfigured DNS (Domain Name System) resolvers are increasingly used to amplify distributed denial-of-service (DDoS) attacks, according to a report released Wednesday by HostExploit, an organisation that tracks Internet hosts involved in cybercriminal activities.That's because, according to HostExploit, incorrectly configured open DNS resolvers - servers that can be used by anyone to resolve domain names to IP addresses - are increasingly abused to launch powerful DDoS attacks.Report: Open DNS Resolvers Increasingly Used To Amplify DDoS Attacks [news.techworld.com]
"It should be stressed open recursive nameservers are not a problem in themselves; it is the mis-configuration of a nameserver where the potential problem lays," HostExploit said in its report.
10:47 am on Oct 30, 2012 (gmt 0)

10+ Year Member



With the OpenDns logo on this, I was unable to determine from the article mentioned that their servers contributed to these issues. As a OpenDns supporter and client am I missing something?
11:04 am on Oct 30, 2012 (gmt 0)

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



where is the logo?
that is an unfortunately-named brand!

however the story is about "open (lower case 'o') DNS resolvers"

open DNS resolvers are those which allow external requests for recursive domain name resolution.

you can test for open DNS recursion using the dig command:
dig @NAMESERVER.DNSPROVIDER.COM example.com
where NAMESERVER.DNSPROVIDER.COM is the DNS being tested such and example.com is a domain NOT using that nameserver.
11:08 am on Oct 30, 2012 (gmt 0)

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



btw this isn't something you can fix in the zone file - it's in the DNS (probably BIND) configuration.
in most cases this means you have to change your DNS provider to "fix it".
11:42 am on Oct 30, 2012 (gmt 0)

10+ Year Member



The logo was on the WebmasterWorld home page highlighted features section. It was in the Domain Names section but I may have been in "hiding" so long I might not be aware if there are advertisements now tagged there.
12:04 pm on Oct 30, 2012 (gmt 0)

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



i didn't look on the home page before - that error should be resolved soon.
2:13 pm on Oct 31, 2012 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



There doesn't seem to be a way on older servers to split/zone internal and external requests for recursive domain name resolution. The only solutions seem to be run internal and external requests on separate servers or upgrade the software.
3:03 pm on Oct 31, 2012 (gmt 0)

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



you simply disable external requests for recursive resolution.
what type of server?
3:44 pm on Oct 31, 2012 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



you simply disable external requests for recursive resolution
That depends on what you class as "external", a local network is "external" to a server, however it may still need recursive resolution whereas you wouldn't want to allow recursive resolution to the "external" outside world.

Newer DNS servers solve this easily by allowing different configurations for different "zones"
11:53 pm on Oct 31, 2012 (gmt 0)

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



in that case, shut down port 53 at the firewall and allow "external" requests.
12:14 am on Nov 1, 2012 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



A firewall is way too crude. It isn't capable of understanding if the request is for a non problematic authoritative answer as opposed to a recursive request.
2:49 am on Nov 1, 2012 (gmt 0)

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



maybe i misunderstood you - to me, "external" request means "external to the authority of that DNS", not "external to the network".

perhaps you need to disable recursion but configure a forwarder to handle "external" requests.
 

Featured Threads

Hot Threads This Week

Hot Threads This Month