Open Recursive DNS server on a Netgear DG834
Posted on 2006-04-03
I recently received the following email from my ISP:
"It has been identified that your internet connection (my username) is acting as an open recursive DNS server. This means that your connection could contribute to a DDoS (Distributed Denial of Service) attack resulting in your and other people's connections becoming unusable.
The IP addresses of the affected devices are listed below:
my ip address
At this point we are only informing you of a potential security vulnerability on your network. However, if we receive abuse reports about your connection contributing to a DoS/DDoS attack, your connection may be suspended until such time that this security hole is closed.
What is an open recursive DNS server?
An open recursive DNS (Domain Name System) server basically means there is something connected to your xDSL line that is responding to DNS queries from anywhere on the Internet. This device could be a router, computer, DNS server, etc.
Why is this a Problem?
As DNS queries usually use UDP (User Datagram Protocol), the source address can be spoofed, meaning that somebody can submit a request which does not go back to them but actually goes to a different location on the Internet. Also, as DNS requests are relatively small and the replies sent back are larger, someone on a single ADSL connection with an upload of 256 kbps could quite easily make someone else's 1000 kbps ADSL unusable because the latter is being saturated by the spoofed packets being sent to them.
What should you do about it?
If you have a DNS server on your network, make sure that it will only serve up DNS to local and/or known sources. If you have no such server, then we require you to run a full virus scan of all machines connected to the IP listed above.
If no viruses are found, then there is something else on your network that is acting as an open recursive DNS server. This could be a device you are unaware of, in which case we recommend you contact your network administrator in order to deal with the problem.
The other possible cause is your xDSL modem/router. If all other avenues have been tried, we advise referring to your hardware user manual to see if the DNS server can be turned off or locked down to local addresses. If there is no mention of a DNS server in the manual, we suggest contacting your hardware manufacturer or supplier for further help in resolving this problem.
Please note xxx technical support are unable to help secure DNS servers, if you have an unsecured DNS server please contact your network administrator for help in doing so."
Can anybody tell me what I need to change in the config of my 834 to comply with what my ISP wants?
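Whatever the fix on the router turns out to be, the thing to verify afterwards is exactly what the ISP measured: does the WAN address answer a recursive query from an arbitrary Internet host? The script below is an added example (not part of the original post, and nothing to do with Netgear's firmware) that builds a raw DNS query, parses the response header for the RA (recursion available) flag and RCODE, and reports the amplification ratio the ISP's email describes. The two response byte strings are constructed samples so the logic can be exercised offline; `probe()` sends the same query over UDP to a real address and must be run from a host outside your own LAN, against your public IP, to reproduce the ISP's view.

```python
import socket
import struct

QTYPE_A = 1
QCLASS_IN = 1


def build_query(name: str, qtype: int = QTYPE_A, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS query with the RD (recursion desired) bit set."""
    flags = 0x0100  # RD=1: we are asking the server to recurse on our behalf
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, QCLASS_IN)


def parse_header(resp: bytes) -> dict:
    """Decode the 12-byte DNS header into the fields an open-resolver check needs."""
    if len(resp) < 12:
        raise ValueError("response shorter than a DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", resp[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),    # 1 = this is a response
        "rd": bool(flags & 0x0100),    # recursion desired (echoed from query)
        "ra": bool(flags & 0x0080),    # recursion available: the server will recurse
        "rcode": flags & 0x000F,       # 0 = NOERROR, 5 = REFUSED
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def classify(query: bytes, resp: bytes) -> dict:
    """Decide whether a response proves the server recursed for us, and how much it amplified."""
    h = parse_header(resp)
    if h["id"] != struct.unpack("!H", query[:2])[0]:
        raise ValueError("transaction id mismatch; not a reply to our query")
    is_open = h["qr"] and h["ra"] and h["rcode"] == 0 and h["ancount"] > 0
    return {
        "open_recursive": is_open,
        "ra": h["ra"],
        "rcode": h["rcode"],
        "answers": h["ancount"],
        # Bytes the victim receives per byte the attacker spoofs.
        "amplification": len(resp) / len(query),
    }


def probe(server_ip: str, name: str = "example.com", timeout: float = 2.0) -> dict:
    """Live check: send the query to server_ip:53 and classify whatever comes back."""
    q = build_query(name)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(q, (server_ip, 53))
        resp, _ = sock.recvfrom(4096)
    except socket.timeout:
        # Silence is the desired outcome: port 53 filtered or query dropped.
        return {"open_recursive": False, "rcode": None, "reason": "no response"}
    finally:
        sock.close()
    return classify(q, resp)


# Constructed sample data (not captured traffic), matching build_query("example.com"):
_QUESTION = b"\x07example\x03com\x00" + struct.pack("!HH", QTYPE_A, QCLASS_IN)

# What an open resolver returns: QR=1, RD=1, RA=1, NOERROR, one A record.
OPEN_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + _QUESTION
    + b"\xc0\x0c"                            # name: pointer to offset 12 (question name)
    + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, 3600, 4)  # type, class, TTL, rdlength
    + bytes([93, 184, 216, 34])              # rdata: a made-up A record
)

# What a locked-down resolver returns to an outside host: QR=1, RA=0, RCODE=5 (REFUSED).
REFUSED_RESPONSE = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0) + _QUESTION


if __name__ == "__main__":
    q = build_query("example.com")
    print("open resolver:", classify(q, OPEN_RESPONSE))
    print("locked down:  ", classify(q, REFUSED_RESPONSE))
```

The constructed A-record reply is only about 1.5 times the size of the 29-byte query; attackers pick names and record types whose replies are far larger, which is why the ISP's 256 kbps-saturates-1000 kbps arithmetic works. After locking the router down, `probe("<your public IP>")` from an external host should return "no response" or `rcode` 5 with `open_recursive` False.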