Solved

Open DNS Security Issue

Posted on 2014-02-25
3
652 Views
Last Modified: 2014-03-12
Hi All!

We have been having an issue with our ISP (Roger's) shutting down our internet service for what they are saying is an "Open DNS" on our system.  This is a new one.  There's never been a problem before and the system has been in place for years.  We have Trend-Micro Worry Free Business and I have tried blocking port 53 for inbound, BUT, of course, then all client computers on the network cannot access the internet.  Also, it will interfere with Exchange access.  We have one server and a static IP service.

What I've tried:

 - Turned off Recursion: clients could no longer access web sites
- Blocked port 53 (Inbound) - In Trend Micro Firewall: clients couldn't access web sites
- Blocked Port 53 (outbound)  - In Trend Micro Firewall: Did not resolve security issue

*** Rgers gave us a web site to check the open DNS:              www.thinkbroadband.com/tools/dnscheck.html  

When port 53 is blocked in the Trend Micro this web check shows the DNS issue as resolved, however, when not blocked it shows a problem.

How can I resolve this issue and still allow clients to access the internet web pages?
0
Comment
Question by:mark-IT-2013
3 Comments
 
LVL 8

Assisted Solution

by:Mandeep Khalsa
Mandeep Khalsa earned 166 total points
ID: 39887835
Inbound port 53 being open is causing this problem for you. There is no need for you to keep that port open. There must be some setting that is not setup properly in Trend Micro Firewall but first thing you should do is turn off the inbound port 53.

You should have one internal DNS server at the very least and that server should be the only one to resolve all client queries. Check to make sure that your IP address of the DNS server is actually being used by the clients and not something else.
0
 
LVL 79

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 167 total points
ID: 39887889
stop inbound from the WAN but allow outbound from the lan
0
 
LVL 26

Accepted Solution

by:
DrDave242 earned 167 total points
ID: 39890178
Do you have a hardware router/firewall between your network and the internet? If so, that's where inbound port 53 needs to be blocked, not in Trend Micro on the DNS server. If you don't have one, follow David Johnson's advice: configure Trend Micro to allow traffic through to port 53 from the IP address range on your internal network but nowhere else (assuming Trend Micro can be configured this way).
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question