Community discussions

MikroTik App
 
lifestyle
just joined
Topic Author
Posts: 2
Joined: Sat Mar 22, 2014 3:59 pm

Open DNS Resolver

Sat Mar 22, 2014 4:42 pm

I just received this email below from my ISP....I am new to router OS and Im looking for some help on fixing this....

"You are receiving this email as it appears your system is running an open DNS resolver - this is usually due to an unnecessary service running on your wired or wireless router. This service is sometimes called 'DNS Relay' or 'DNS Proxy' and the ability to configure this service is generally found in your router's admin page. Most users can turn this feature off with no impact to internet service"
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6263
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: Open DNS Resolver

Mon Mar 24, 2014 11:21 am

head over here http://wiki.mikrotik.com/wiki/Manual:De ... igurations

and check default firewall configuration that are set on soho routers, set something similar to this, or disable '/ip dns' allow-remote-requests (by setting that to no/false/unselecting the checkbox)
 
lifestyle
just joined
Topic Author
Posts: 2
Joined: Sat Mar 22, 2014 3:59 pm

Re: Open DNS Resolver

Tue Mar 25, 2014 6:36 pm

when not allowing remote requests is turned off the Debit/ credit card machines hooked up to the router would not allow a transaction to complete. Would you have another suggestion?
 
galaxynet
Long time Member
Long time Member
Posts: 646
Joined: Fri Dec 17, 2004 2:52 pm
Contact:

Re: Open DNS Resolver

Fri Mar 28, 2014 3:56 pm

Sure - try this:

go to /ip firewall filter. Add rule, chain=input in-interface=the Public side interface protocol=udp dst port=53 action=drop

Then add, chain=input in-interface=the Public side interface protocol=tcp dst port=53 action=drop

These rules will drop any query to you public side interface port 53 (which is the DNS 'port'). It will let your private side query the routerboard for DNS info and will also allow the routerborad to make DNS requests to remote servers.

That should fix your open DNS resolver issue.

Thom
 
sixtycyclehum
just joined
Posts: 4
Joined: Wed Nov 12, 2014 6:41 pm

Re: Open DNS Resolver

Wed Nov 12, 2014 6:56 pm

Just wanted to say thanks for this thread. I'm a bit of a n00b still, and stuff like this is a big help to me.
 
galaxynet
Long time Member
Long time Member
Posts: 646
Joined: Fri Dec 17, 2004 2:52 pm
Contact:

Re: Open DNS Resolver

Thu Nov 13, 2014 2:10 pm

You are welcome.

Thom
 
ryandenis
newbie
Posts: 31
Joined: Fri Aug 29, 2014 7:40 am

Re: Open DNS Resolver

Wed Nov 19, 2014 7:13 pm

I had this same problem with about 3 mikrotiks I had deployed... when I unchecked the remote resolve dns box all dns stopped on the internal network. I'm trying to add the firewall rule now to all of my routers and so far so good. Thank you!
 
SDFadfasdfadsf
just joined
Posts: 23
Joined: Sun Feb 07, 2016 2:21 am

Re: Open DNS Resolver

Thu Mar 01, 2018 5:44 am

You have got to be fucking kidding me. Why is this still a default in 2018?
 
User avatar
Steveocee
Forum Guru
Forum Guru
Posts: 1120
Joined: Tue Jul 21, 2015 10:09 pm
Location: UK
Contact:

Re: Open DNS Resolver

Thu Mar 01, 2018 11:18 am

You have got to be fucking kidding me. Why is this still a default in 2018?
Probably because the last post was dated in 2014?

Who is online

Users browsing this forum: Ahrefs [Bot], akakua, GoogleOther [Bot], sebus46, sindy, uxertxo, VinceKalloe and 86 guests