Open DNS resolver problem

Fender
Fender Posts: 24  Freshman Member
First Anniversary Friend Collector First Comment
edited April 2021 in Security
I noticed on a Zywall 110 many sessions on port 53 from outside, i think it is a DDOS attack, how is this possible? I am not running a DNS from the Wan connection I hope? I checked it with this link: https://www.openresolver.nl/ 
Where can I make changes on the zywall to make sure DNS from outside is not accessible? In the past this issue was also on the old DSL modems: https://support.aa.net.uk/Stopping_Open_DNS_-_ZyXEL_P660R-D1 

Accepted Solution

All Replies

  • PeterUK
    PeterUK Posts: 2,699  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Unless you allow from WAN to Zywall then port 53 is not allowed from the out side.
  • Fender
    Fender Posts: 24  Freshman Member
    First Anniversary Friend Collector First Comment
    Well ofcourse, such rule I would never make, but how it is still showing as an open resolver?
  • Fender
    Fender Posts: 24  Freshman Member
    First Anniversary Friend Collector First Comment
    edited October 2020
    @Zyxel_Charlie
    I made the rule you suggested and it is blocking now and don't get the openresolver error anymore!
    Very strange that the Zywall is not blocking it by default in this matter! 
    There is only one rule from Wan to Zywall, and that is my own fixed wan-ip address to the Zywall in thic case to have full access from outside. All the other (and default Wan_to_Device) rules I always delete because in don't need the VPN stuff. 

Security Highlight