I've been experiencing Open DNS Resolver attacks and would like to ensure my UTM isn't acting as an open resolver. I've tested through following means dig +short test.openresolver.com TXT MYIP Running this from outside the network returns ;; connection timed out; no servers could be reached This is because only open dns IP addresses are allowed through port 53. nmap -sU -p 53 -sV -P0 --script "dns-recursion" UTMInternalIP PORT STATE SERVICE VERSION 53/udp open domain NetWare dnsd |_dns-recursion: Recursion appears to be enabled So this test tells me recursion is enabled. Searched http://openresolverproject.org/ and found my IP address is listed as open resolver. So at this point, I pretty much believe the UTM is acting as an open resolver. I'd like to find out how to disable recursion on my UTM as I am not able to find named.conf or /etc/bind/named.conf. Thanks.
↧