Open DNS resolver problem

Fender · October 2020

I noticed on a Zywall 110 many sessions on port 53 from outside, i think it is a DDOS attack, how is this possible? I am not running a DNS from the Wan connection I hope? I checked it with this link: https://www.openresolver.nl/
Where can I make changes on the zywall to make sure DNS from outside is not accessible? In the past this issue was also on the old DSL modems: https://support.aa.net.uk/Stopping_Open_DNS_-_ZyXEL_P660R-D1

Zyxel_Charlie · October 2020

@Fender
In default, the DNS service should be denied from outside by firewall.
or can you go to security policy and configure Wan to Zywall, DNS, Deny.
You can go to Monitor>Log>Press Show Filter>Select the DNS on Service field>Press Search to see if there is any log and action related with DNS service
Charlie

PeterUK · October 2020

Unless you allow from WAN to Zywall then port 53 is not allowed from the out side.

Zyxel_Charlie · October 2020

@Fender
In default, the DNS service should be denied from outside by firewall.
or can you go to security policy and configure Wan to Zywall, DNS, Deny.
You can go to Monitor>Log>Press Show Filter>Select the DNS on Service field>Press Search to see if there is any log and action related with DNS service
Charlie

Fender · October 2020

Well ofcourse, such rule I would never make, but how it is still showing as an open resolver?

Fender · October 2020

@Zyxel_Charlie
I made the rule you suggested and it is blocking now and don't get the openresolver error anymore!
Very strange that the Zywall is not blocking it by default in this matter!
There is only one rule from Wan to Zywall, and that is my own fixed wan-ip address to the Zywall in thic case to have full access from outside. All the other (and default Wan_to_Device) rules I always delete because in don't need the VPN stuff.

Open DNS resolver problem

Accepted Solution

All Replies

Categories

Security Highlight

Security Help Center