
 
wispmikrotik
Frequent Visitor
Topic Author
Posts: 50
Joined: Tue Apr 25, 2017 10:43 am

DNS xxx.ddns.net

Fri Jan 18, 2019 7:46 pm

Hi,

I am seeing on my MikroTik router some connections to DNS "k3yhol3.ddns.net"; this DNS has the IP 0.0.0.0.

Linux (nslookup):

Non-authoritative answer:
Name: k3yhol3.ddns.net
Address: 0.0.0.0

ping web:

Image

What's up with this domain? I do not understand anything, if someone can help me ...


Regards.
 
anav
Forum Guru
Posts: 2900
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: DNS xxx.ddns.net

Fri Jan 18, 2019 8:22 pm

Please post your config
/export hide-sensitive file=mylatestconfig

It will help determine how your DNS and firewall rules are set up.
We may also want to consider redirect NAT rules for DNS.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
wispmikrotik
Frequent Visitor
Topic Author
Posts: 50
Joined: Tue Apr 25, 2017 10:43 am

Re: DNS xxx.ddns.net

Fri Jan 18, 2019 8:41 pm

anav wrote:
> Please post your config
> /export hide-sensitive file=mylatestconfig
>
> It will help determine how your DNS and firewall rules are set up.
> We may also want to consider redirect NAT rules for DNS.

Hi anav,

Thanks. export:
# jan/18/2019 20:37:41 by RouterOS 6.44beta54
# software id = 06GQ-R3YM
#
/interface bridge
add name=loopback protocol-mode=none
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk disable-pmkid=yes eap-methods="" \
    group-key-update=30m management-protection=allowed mode=dynamic-keys \
    name=p_AP supplicant-identity=""
/interface wireless
set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode \
    ampdu-priorities=0,1,2,3,4 band=2ghz-onlyn basic-rates-a/g="" \
    basic-rates-b="" bridge-mode=disabled disabled=no distance=indoors \
    frequency=2452 ht-basic-mcs="" ht-supported-mcs="mcs-3,mcs-4,mcs-5,mcs-6,m\
    cs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12,mcs-13,mcs-14,mcs-15" \
    hw-protection-mode=cts-to-self installation=indoor mode=ap-bridge \
    radio-name="" rate-set=configured security-profile=p_AP ssid=INVI \
    supported-rates-a/g="" supported-rates-b="" wireless-protocol=802.11 \
    wps-mode=disabled
/ip pool
add name=pool_lan ranges=192.168.88.50-192.168.88.254
/ip dhcp-server
add add-arp=yes address-pool=pool_lan disabled=no interface=wlan1 lease-time=\
    1d name=dhcp_lan
/ip neighbor discovery-settings
set discover-interface-list=none
/ip address
add address=192.168.88.1/24 interface=wlan1 network=192.168.88.0
add address=192.168.240.100 interface=loopback network=192.168.240.100
/ip dhcp-client
add dhcp-options=clientid,hostname disabled=no interface=ether1 use-peer-dns=\
    no use-peer-ntp=no
/ip dhcp-server network
add address=192.168.88.0/24 gateway=192.168.88.1 netmask=24
/ip dns
set servers=1.1.1.1,208.67.220.220
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/system clock
set time-zone-name=Europe/Athens
/system identity
set name=valb01
/system ntp client
set enabled=yes primary-ntp=52.209.118.149 secondary-ntp=163.172.61.210
/tool bandwidth-server
set authenticate=no enabled=no
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=none
/tool mac-server ping
set enabled=no

If you ping or resolve the domain, what does it resolve to for you?

Regards.
 
anav
Forum Guru
Posts: 2900
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: DNS xxx.ddns.net

Fri Jan 18, 2019 8:47 pm

I am not familiar with 1.1.1.1; is that a legitimate DNS server??

Overall your setup is missing so many things and most of all any firewall rules.
I suggest you download the latest stable firmware 6.43.8 and reset to defaults.

For example
missing an IP pool
missing a DHCP-SERVER NETWORK
no firewall filter rules
no firewall nat rules
no IP route rules
and many others.......
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
wispmikrotik
Frequent Visitor
Topic Author
Posts: 50
Joined: Tue Apr 25, 2017 10:43 am

Re: DNS xxx.ddns.net

Fri Jan 18, 2019 8:54 pm

anav wrote:
> I am not familiar with 1.1.1.1; is that a legitimate DNS server??
>
> Overall your setup is missing so many things and most of all any firewall rules.
> I suggest you download the latest stable firmware 6.43.8 and reset to defaults.
>
> For example
> missing an IP pool
> missing a DHCP-SERVER NETWORK
> no firewall filter rules
> no firewall nat rules
> no IP route rules
> and many others.......

Hi,

IP 1.1.1.1 is Cloudflare.
https://blog.cloudflare.com/announcing-1111/
Regarding the rules of the firewall, they are not necessary, since in front of the MikroTik there is a firewall that blocks all unwanted input/forward traffic.

Can you try to resolve the domain k3yhol3.ddns.net by ping and tell me if an IP responds?

Regards.
I appreciate your help.
 
Takv
just joined
Posts: 24
Joined: Sun Apr 19, 2015 5:37 pm

Re: DNS xxx.ddns.net

Tue Jan 22, 2019 12:38 am

Localhost... So strange.

Sent from my Mi A2 using Tapatalk

 
Takv
just joined
Posts: 24
Joined: Sun Apr 19, 2015 5:37 pm

Re: DNS xxx.ddns.net

Tue Jan 22, 2019 12:45 am

https://otx.alienvault.com/indicator/do ... 3.ddns.net

Sent from my Mi A2 using Tapatalk

 
Jotne
Forum Guru
Posts: 1239
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: DNS xxx.ddns.net

Tue Jan 22, 2019 10:51 am

Takv wrote:
> Localhost... So strange.

Not strange at all. When you register a DNS name, you can add any IP you like.
So someone has registered k3yhol3.ddns.net with IP 127.0.0.1


I can register myserverhome.dyndns.com with IP 127.0.0.1, but why I should do that is another question.
 
How to use Splunk to monitor your MikroTik Router

MikroTik->Splunk
 
 
Takv
just joined
Posts: 24
Joined: Sun Apr 19, 2015 5:37 pm

Re: DNS xxx.ddns.net

Tue Jan 22, 2019 4:09 pm

Exactly

Sent from my Mi A2 using Tapatalk

 
Jcon
just joined
Posts: 1
Joined: Fri Jan 25, 2019 7:25 pm

Re: DNS xxx.ddns.net

Fri Jan 25, 2019 8:00 pm

Google `k3yhol3`
It sounds like you may have something on your network you'll want to get rid of. Sounds like whatever it is, it keeps checking that domain for a valid IP. And once it has it... it will start its process. Be it transferring data... performing a DDoS attack.... not good.
Burn it with fire... quick.
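
An added example, not part of any post in this thread: one way to find which LAN client keeps looking up a name that only ever resolves to 0.0.0.0 or loopback, the behaviour discussed above. The log layout, client addresses and timestamps are constructed for illustration and are not RouterOS output.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: "<HH:MM:SS> <client-ip> <queried-name> <answer-ip>".
# This layout is an assumption for the example; adapt the parsing to your resolver's log.
SAMPLE_LOG = """\
20:01:05 192.168.88.57 k3yhol3.ddns.net 0.0.0.0
20:01:09 192.168.88.60 www.example.com 93.184.216.34
20:06:05 192.168.88.57 k3yhol3.ddns.net 0.0.0.0
20:11:05 192.168.88.57 K3YHOL3.ddns.net. 0.0.0.0
20:12:40 192.168.88.73 printer.example.net 127.0.0.1
20:16:06 192.168.88.57 k3yhol3.ddns.net 0.0.0.0
"""

def is_parked(answer):
    """True when the answer cannot be a real remote host (0.0.0.0 or loopback)."""
    ip = ipaddress.ip_address(answer)
    return ip.is_unspecified or ip.is_loopback

def find_beaconing(log_text, min_hits=3):
    """Map (client, name) -> timestamps for names repeatedly answered with a parked IP."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed layout
        ts, client, name, answer = parts
        try:
            parked = is_parked(answer)
        except ValueError:
            continue  # answer field was not an IP address
        if parked:
            # Normalise case and the trailing root dot so variants count together.
            hits[(client, name.lower().rstrip("."))].append(ts)
    return {key: ts for key, ts in hits.items() if len(ts) >= min_hits}

def gaps_seconds(timestamps):
    """Seconds between consecutive lookups; near-constant gaps suggest a timer, not a person."""
    secs = [int(h) * 3600 + int(m) * 60 + int(s)
            for h, m, s in (t.split(":") for t in timestamps)]
    return [later - earlier for earlier, later in zip(secs, secs[1:])]

if __name__ == "__main__":
    for (client, name), stamps in find_beaconing(SAMPLE_LOG).items():
        print(client, name, len(stamps), "lookups, gaps:", gaps_seconds(stamps))
```

The client address it reports can then be matched against the DHCP leases on the router to identify the device.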
