Open DNS Security Issue

Hi All!

We have been having an issue with our ISP (Roger's) shutting down our internet service for what they are saying is an "Open DNS" on our system.  This is a new one.  There's never been a problem before and the system has been in place for years.  We have Trend-Micro Worry Free Business and I have tried blocking port 53 for inbound, BUT, of course, then all client computers on the network cannot access the internet.  Also, it will interfere with Exchange access.  We have one server and a static IP service.

What I've tried:

 - Turned off Recursion: clients could no longer access web sites
- Blocked port 53 (Inbound) - In Trend Micro Firewall: clients couldn't access web sites
- Blocked Port 53 (outbound)  - In Trend Micro Firewall: Did not resolve security issue

*** Rgers gave us a web site to check the open DNS:              www.thinkbroadband.com/tools/dnscheck.html  

When port 53 is blocked in the Trend Micro this web check shows the DNS issue as resolved, however, when not blocked it shows a problem.

How can I resolve this issue and still allow clients to access the internet web pages?
mark-IT-2013Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Mandeep KhalsaCommented:
Inbound port 53 being open is causing this problem for you. There is no need for you to keep that port open. There must be some setting that is not setup properly in Trend Micro Firewall but first thing you should do is turn off the inbound port 53.

You should have one internal DNS server at the very least and that server should be the only one to resolve all client queries. Check to make sure that your IP address of the DNS server is actually being used by the clients and not something else.
0
David Johnson, CD, MVPOwnerCommented:
stop inbound from the WAN but allow outbound from the lan
0
DrDave242Commented:
Do you have a hardware router/firewall between your network and the internet? If so, that's where inbound port 53 needs to be blocked, not in Trend Micro on the DNS server. If you don't have one, follow David Johnson's advice: configure Trend Micro to allow traffic through to port 53 from the IP address range on your internal network but nowhere else (assuming Trend Micro can be configured this way).
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Legacy OS

From novice to tech pro — start learning today.