Stopping Open DNS - Billion: Difference between revisions

From AAISP Support Site
mNo edit summary
 
(2 intermediate revisions by the same user not shown)
Line 6: Line 6:


[[File:Billion_dns_filter1.jpg|400px]]
[[File:Billion_dns_filter1.jpg|400px]]

*Then re-test from the Control Pages: https://clueless.aa.net.uk/dnsresolvers.cgi


Please note that on these routers this does not prevent the router's internal resolver from doing the DNS lookup itself. This isn't usually a problem, but due to recent DNS amplification attacks sometimes lookups have continued after fixing the original problem. To prevent this add a rule blocking DNS *from* the router's WAN IP *to* port 53. This will prevent usage of the router as the LAN's DNS resolver.
Please note that on these routers this does not prevent the router's internal resolver from doing the DNS lookup itself. This isn't usually a problem, but due to recent DNS amplification attacks sometimes lookups have continued after fixing the original problem. To prevent this add a rule blocking DNS *from* the router's WAN IP *to* port 53. This will prevent usage of the router as the LAN's DNS resolver.





[[Category:Open DNS Resolvers]]
[[Category:Open DNS Resolvers]]
[[Category:Router]]
[[Category:3rd Party Routers]]

Latest revision as of 09:22, 25 February 2015

Billion

Billion routers appear to have a built-in DNS resolver, and answer queries on the WAN interface by default, so is vulnerable to taking part in DDoS attacks by replying to spoofed dns queries. Screenshot below shows how to block this in filters.

This was tested on Firmware Version : 2.7.0.23(UE0.C2C)3.5.10.1

Billion dns filter1.jpg

Please note that on these routers this does not prevent the router's internal resolver from doing the DNS lookup itself. This isn't usually a problem, but due to recent DNS amplification attacks sometimes lookups have continued after fixing the original problem. To prevent this add a rule blocking DNS *from* the router's WAN IP *to* port 53. This will prevent usage of the router as the LAN's DNS resolver.