    CloudatCost OpenDNS Issue

    • thanksajdotcom

      So I'm getting the following email:

      ===============================================
      A.J. Stringham,

      This message contains details on an OPEN DNS resolver found on the network.

      Please login to the console of this panel and fix this problem.
      https://panel.cloudatcost.com

      Server Information:
      IP: 104.167.117.250

      Instructions can be found to resolve this issue here.
      https://members.cloudatcost.com/index.php?fuse=knowledgebase&view=KB_viewArticle&articleId=13

      NOTE: Avoiding action on this will result in your server port being shut down.

      Thank you for your business.

      CloudAtCost 2014

      ===============================================

      I WAS using OpenDNS before but now I am not. Not sure what's going on but the alert keeps coming up and threatening to shut down my server. Not cool. How do I resolve this?

      • scottalanmiller

        AJ, you are confusing OpenDNS the vendor and an open DNS server. You are running a DNS server on your system and exposing it to the world. This violates your terms of use and you need to shut it down. This has nothing whatsoever to do with OpenDNS.

        You have port 53 exposed and talking to the outside world.

        • scottalanmiller

          And you definitely are running public DNS servers. I can use you as my DNS source.

          nslookup yahoo.com 104.167.117.250
          Server:         104.167.117.250
          Address:        104.167.117.250#53
          
          Non-authoritative answer:
          Name:   yahoo.com
          Address: 98.138.253.109
          Name:   yahoo.com
          Address: 98.139.183.24
          Name:   yahoo.com
          Address: 206.190.36.45
          
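A scriptable version of the nslookup check in the post above, as an added example that is not part of the original thread: it sends a recursive query for a name the server is not authoritative for and treats a reply with the RA flag set, NOERROR and at least one answer as an open resolver. The function names and the two sample headers are constructed for illustration, and `probe` is meant to be run from a host outside the server's network.

```python
import socket
import struct

def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a recursive (RD=1) A-record query for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(resp: bytes) -> str:
    """Classify the reply to a recursive query for a name the server does not host."""
    if len(resp) < 12:
        return "malformed"
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if not flags & 0x8000:          # QR bit clear: this is not a response
        return "malformed"
    rcode = flags & 0x000F
    if rcode == 5:                  # REFUSED: recursion denied to this client
        return "refused"
    if flags & 0x0080 and rcode == 0 and ancount > 0:
        return "open-resolver"      # RA set and it resolved the name for us
    return "no-recursion"           # e.g. a referral with RA clear

def probe(server_ip: str, name: str = "example.com", timeout: float = 3.0) -> str:
    """Send the query over UDP/53 and classify whatever comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server_ip, 53))
            resp, _ = s.recvfrom(4096)
        except OSError:             # timeout or ICMP unreachable: port 53 is filtered
            return "filtered"
    return classify_response(resp)

# Constructed sample headers (not captured traffic).
SAMPLE_OPEN = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 3, 0, 0)     # QR+RD+RA, 3 answers
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)  # QR+RD, REFUSED

if __name__ == "__main__":
    for label, sample in (("open", SAMPLE_OPEN), ("refused", SAMPLE_REFUSED)):
        print(label, "->", classify_response(sample))
```

After port 53 is restricted at the firewall, the same probe from an outside host should return "filtered" or "refused" rather than "open-resolver".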
          • scottalanmiller

            How did this happen?

            • A Former User

              OpenDNS and Open DNS aren't the same. Do a port scan on port 53. Lock down Port 53 via the firewall.

              • A Former User @scottalanmiller

                @scottalanmiller said:

                And you definitely are running public DNS servers. I can use you as my DNS source.

                nslookup yahoo.com 104.167.117.250
                Server:         104.167.117.250
                Address:        104.167.117.250#53
                
                Non-authoritative answer:
                Name:   yahoo.com
                Address: 98.138.253.109
                Name:   yahoo.com
                Address: 98.139.183.24
                Name:   yahoo.com
                Address: 206.190.36.45
                

                Oh wow. Did you install Bind?

                • A Former User

                  Also, why is your firewall off?

                  • scottalanmiller

                    He must have! Or MaraDNS or whatever that competitor is called.

                    • thanksajdotcom

                      It's a DC. It's my failover. What do I need to change?

                      • scottalanmiller @thanksajdotcom

                        @thanksajdotcom said:

                        It's a DC. It's my failover. What do I need to change?

                        OH! He publicly exposed a Domain Controller!!!

                        You have it wide open, like it is sitting on a LAN. You have DNS, DHCP, AD, etc. open to the world because your "LAN" is the Internet!!

                        • A Former User @thanksajdotcom

                          @thanksajdotcom said:

                          It's a DC. It's my failover. What do I need to change?

                          Change the zones the ports are allowed on. Only allow it on the VPN zone. AKA not public.

                          • thanksajdotcom

                            Just lock down DNS to internal only or what?

                            • A Former User

                              I would never trust that DC again. Time to rebuild.

                              • thanksajdotcom @A Former User

                                @Aaron-Studer said:

                                I would never trust that DC again. Time to rebuild.

                                It's secured with Webroot. Also, there's been no indication of an attack. I'm not decomming it without a good reason.

                                • thanksajdotcom @A Former User

                                  @thecreativeone91 said:

                                  @thanksajdotcom said:

                                  It's a DC. It's my failover. What do I need to change?

                                  Change the zones the ports are allowed on. Only allow it on the VPN zone. AKA not public.

                                  Ok, so in Windows Firewall?

                                  • scottalanmiller @thanksajdotcom

                                    @thanksajdotcom said:

                                    @Aaron-Studer said:

                                    I would never trust that DC again. Time to rebuild.

                                    It's secured with Webroot. Also, there's been no indication of an attack. I'm not decomming it without a good reason.

                                    It's not like he'll have it for long anyway. He doesn't have a datacenter license for every CPU in the cloud so he can't run anything but a demo license that expires in 90 days there.

                                    • A Former User

                                      At least you don't have any open SMB shares.

                                      • A Former User @A Former User

                                        @thecreativeone91 How do you know this? I bet he did; it is a domain controller after all.

                                        • scottalanmiller @A Former User

                                          @Aaron-Studer said:

                                          @thecreativeone91 How do you know this?

                                          You can just attempt to connect 🙂

                                          • A Former User

                                            I am using AJ as my DNS server now! THANKSAJ! =P
