Solved

Open DNS Security Issue

Posted on 2014-02-25
3
670 Views
Last Modified: 2014-03-12
Hi All!

We have been having an issue with our ISP (Roger's) shutting down our internet service for what they are saying is an "Open DNS" on our system.  This is a new one.  There's never been a problem before and the system has been in place for years.  We have Trend-Micro Worry Free Business and I have tried blocking port 53 for inbound, BUT, of course, then all client computers on the network cannot access the internet.  Also, it will interfere with Exchange access.  We have one server and a static IP service.

What I've tried:

 - Turned off Recursion: clients could no longer access web sites
- Blocked port 53 (Inbound) - In Trend Micro Firewall: clients couldn't access web sites
- Blocked Port 53 (outbound)  - In Trend Micro Firewall: Did not resolve security issue

*** Rgers gave us a web site to check the open DNS:              www.thinkbroadband.com/tools/dnscheck.html  

When port 53 is blocked in the Trend Micro this web check shows the DNS issue as resolved, however, when not blocked it shows a problem.

How can I resolve this issue and still allow clients to access the internet web pages?
0
Comment
Question by:mark-IT-2013
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 8

Assisted Solution

by:Mandeep Khalsa
Mandeep Khalsa earned 166 total points
ID: 39887835
Inbound port 53 being open is causing this problem for you. There is no need for you to keep that port open. There must be some setting that is not setup properly in Trend Micro Firewall but first thing you should do is turn off the inbound port 53.

You should have one internal DNS server at the very least and that server should be the only one to resolve all client queries. Check to make sure that your IP address of the DNS server is actually being used by the clients and not something else.
0
 
LVL 81

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 167 total points
ID: 39887889
stop inbound from the WAN but allow outbound from the lan
0
 
LVL 26

Accepted Solution

by:
DrDave242 earned 167 total points
ID: 39890178
Do you have a hardware router/firewall between your network and the internet? If so, that's where inbound port 53 needs to be blocked, not in Trend Micro on the DNS server. If you don't have one, follow David Johnson's advice: configure Trend Micro to allow traffic through to port 53 from the IP address range on your internal network but nowhere else (assuming Trend Micro can be configured this way).
0

Featured Post

Turn Insights Into Action

You’ve already invested in ITSM tools, chat applications, automation utilities, and more. Fortify these solutions with intelligent communications so you can drive business processes forward.

With xMatters, you'll never miss a beat.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I wrote this article to explain some important DNS concepts that should be known to avoid some typical configuration errors I often see in forums. I assume that what is described here is the typical behavior of Microsoft DNS client. I don't know …
SSL is a very common protocol used these days when browsing the web.  The purpose is to provide security to communication, but how does it do it?  There are several pieces at work that have to be setup before SSL will even work and it requires both …
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question