Open Recursive DNS server on a Netgear DG834

Posted on 2006-04-03
Medium Priority
Last Modified: 2011-09-20
I recently recieved the following email from my ISP:

"It has been identified that your internet connection (my username) is acting as an open recursive DNS server. This means that your connection could contribute to a DDoS (Distributed Denial of Service) attack resulting in your and other people's connections becoming unusable.

The IP addresses of the affected devices are listed below:

      my ip address

At this point we are only informing you of a potential security vulnerability on your network. However, if we receive abuse reports about your connection contributing to a DoS/DDoS attack, your connection may be suspended until such time that this security hole is closed.

What is an open recursive DNS server?

An open recursive DNS (Domain Name System) server basically means there is something connected to your xDSL line that is responding to DNS queries from anywhere on the Internet. This device could be a router, computer, DNS server, etc.

Why is this a Problem?

As DNS queries usually use UDP (User Datagram Protocol), the source address can be spoofed, meaning that somebody can submit a request which does not go back to them but actually goes to a different location on the Internet. Also, as DNS requests are relatively small and the replies sent back are larger, someone on a single ADSL connection with an upload of 256 kbps could quite easily make someone else's 1000 kbps ADSL unusable because the latter is being saturated by the spoofed packets being sent to them.

What should you do about it?

If you have a DNS server on your network, make sure that it will only serve up DNS to local and/or known sources. If you have no such server, then we require you to run a full virus scan of all machines connected to the IP listed above.

If no viruses are found, then there is something else on your network that is acting as an open recursive DNS server. This could be a device you are unaware of, in which case we recommend you contact your network administrator in order to deal with the problem.

The other possible cause is your xDSL modem/router. If all other avenues have been tried, we advise referring to your hardware user manual to see if the DNS server can be turned off or locked down to local addresses. If there is no mention of a DNS server in the manual, we suggest contacting your hardware manufacturer or supplier for further help in resolving this problem.

Please note xxx technical support are unable to help secure DNS servers, if you have an unsecured DNS server please contact your network administrator for help in doing so."

Can anybody tell me what I need to change in the config of my 834 to comply with what my ISP wants??
Question by:metamatic
LVL 15

Accepted Solution

Frabble earned 2000 total points
ID: 16365740
Lotsa discussion on various forums about this. With Netgear it seems to be a firmware issue and you should upgrade to the latest version.

Author Comment

ID: 16390487
Spot on. Upgraded my firmware and the problem is sorted. Many thanks.

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It happens many times that access list (ACL) have to be applied to outgoing router interface in order to limit some traffic.This article is about how to test ACL from the router which is not very intuitive for everyone. Below scenario shows simple s…
The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

750 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question