Security Issue with Inbound IP W2k8

Discussion forum for Enterprise Edition.
crnunez
Posts: 213
Joined: Sun Jan 25, 2004 8:26 pm

Security Issue with Inbound IP W2k8

Post by crnunez » Mon Jan 07, 2013 9:05 pm

Hello friends,
Some time ago, I had a severe DDoS attack on my DNS server (queries to ALL isc.org); I tried to mitigate this big problem, and today I discovered some very important facts:

1) If I disable recursion on Windows DNS Server, it doesn't respond to non-authoritative queries (this is the most important point for mitigating the attacker).
2) If I disable all unnecessary IPs from listening on the DNS Server, it helps with mitigation.
3) I tested this configuration, but I found a problem because my IPs are listening for DNS queries for non-authoritative requests! Then I tested a lot, even with "DNS Benchmark", where I was surprised because my first IP is listening when I have this IP enabled under "Bind to selected IP.." http://www.mailenable.com/documentation ... bound.html

Issue: MailEnable shouldn't enable or listen on an IP on the DNS Server, even if I have selected "Always bind the service to all available IP".

So, I have a backdoor for any request to my DNS server.

Regards.
Regards,
Robert N.
Zona Hosting - Hosting y Servicios Profesionales en Internet.
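
Editor's added example (not part of the posts above and not MailEnable or Microsoft code): a small Python check an administrator can run against each IP address of their own server to see whether it still answers or offers recursion for a zone it is not authoritative for. The function names and the `192.0.2.x` addresses are constructed for illustration; `isc.org` is the name mentioned in the post.

```python
import socket
import struct

def build_query(name, qtype=255, txid=0x1234):
    """Build a DNS query with RD (recursion desired) set; qtype 255 = ANY."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", qtype, 1)  # class IN

def classify_response(data):
    """Classify a reply to a query for a zone the server is NOT authoritative for."""
    if len(data) < 12:
        return "malformed"
    _, flags, _, ancount, nscount, _ = struct.unpack(">HHHHHH", data[:12])
    if not flags & 0x8000:            # QR bit clear: this is not a response
        return "malformed"
    rcode = flags & 0x000F
    if rcode == 0 and ancount > 0:    # it resolved (or served from cache) a foreign name
        return "open-recursion"
    if flags & 0x0080:                # RA bit: server advertises recursion
        return "recursion-available"
    if rcode == 0 and nscount > 0:    # NOERROR, no answers, only authority records
        return "referral"
    return "closed"                   # e.g. REFUSED or SERVFAIL without RA

def probe(ip, name="isc.org", timeout=2.0):
    """Send one UDP query to ip:53 and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (ip, 53))
            data, _ = s.recvfrom(4096)
        except OSError:               # timeout, unreachable, or nothing bound to port 53
            return "no-answer"
        return classify_response(data)

if __name__ == "__main__":
    # Constructed addresses (documentation range); replace with the server's own IPs.
    for ip in ["192.0.2.10", "192.0.2.11"]:
        print(ip, probe(ip))
```

An IP that should not serve DNS at all is expected to report `no-answer`; an IP that serves only its own zones is expected to report `closed` (or `referral`) rather than `open-recursion` or `recursion-available`.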

kiamori
Posts: 250
Joined: Wed Nov 04, 2009 1:39 am

Re: Security Issue with Inbound IP W2k8

Post by kiamori » Sat Feb 02, 2013 9:12 am

Get SimpleDNS, it works much better than Windows DNS and you can specify which IPs are OK to respond to.
