?
Solved

Open DNS Security Issue

Posted on 2014-02-25
3
Medium Priority
?
680 Views
Last Modified: 2014-03-12
Hi All!

We have been having an issue with our ISP (Roger's) shutting down our internet service for what they are saying is an "Open DNS" on our system.  This is a new one.  There's never been a problem before and the system has been in place for years.  We have Trend-Micro Worry Free Business and I have tried blocking port 53 for inbound, BUT, of course, then all client computers on the network cannot access the internet.  Also, it will interfere with Exchange access.  We have one server and a static IP service.

What I've tried:

 - Turned off Recursion: clients could no longer access web sites
- Blocked port 53 (Inbound) - In Trend Micro Firewall: clients couldn't access web sites
- Blocked Port 53 (outbound)  - In Trend Micro Firewall: Did not resolve security issue

*** Rgers gave us a web site to check the open DNS:              www.thinkbroadband.com/tools/dnscheck.html  

When port 53 is blocked in the Trend Micro this web check shows the DNS issue as resolved, however, when not blocked it shows a problem.

How can I resolve this issue and still allow clients to access the internet web pages?
0
Comment
Question by:mark-IT-2013
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 8

Assisted Solution

by:Mandeep Khalsa
Mandeep Khalsa earned 664 total points
ID: 39887835
Inbound port 53 being open is causing this problem for you. There is no need for you to keep that port open. There must be some setting that is not setup properly in Trend Micro Firewall but first thing you should do is turn off the inbound port 53.

You should have one internal DNS server at the very least and that server should be the only one to resolve all client queries. Check to make sure that your IP address of the DNS server is actually being used by the clients and not something else.
0
 
LVL 82

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 668 total points
ID: 39887889
stop inbound from the WAN but allow outbound from the lan
0
 
LVL 26

Accepted Solution

by:
DrDave242 earned 668 total points
ID: 39890178
Do you have a hardware router/firewall between your network and the internet? If so, that's where inbound port 53 needs to be blocked, not in Trend Micro on the DNS server. If you don't have one, follow David Johnson's advice: configure Trend Micro to allow traffic through to port 53 from the IP address range on your internal network but nowhere else (assuming Trend Micro can be configured this way).
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The article explains the protocols and technology which is involved when two computers on different TCP/IP networks communicate with each other. In the diagram, a router is used to segregate two networks. The networks are 192.168.1.0/24 and 192…
Occasionally you run into the website or two that will not resolve properly using your own DNS servers.  Some people simply set up global forwarders for their DNS server.  I don’t recommend doing this because it can cause problems resolving addresse…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question