CloudatCost OpenDNS Issue
-
AJ, you are confusing OpenDNS the vendor and an open DNS server. You are running a DNS server on your system and exposing it to the world. This violates your terms of use and you need to shut it down. This has nothing whatsoever to do with OpenDNS.
You have port 53 exposed and talking to the outside world.
-
And you definitely are running public DNS servers. I can use you as my DNS source.
nslookup yahoo.com 104.167.117.250
Server: 104.167.117.250
Address: 104.167.117.250#53
Non-authoritative answer:
Name: yahoo.com
Address: 98.138.253.109
Name: yahoo.com
Address: 98.139.183.24
Name: yahoo.com
Address: 206.190.36.45
-
How did this happen?
-
OpenDNS and Open DNS aren't the same. Do a port scan on port 53. Lock down Port 53 via the firewall.
-
@scottalanmiller said:
And you definitely are running public DNS servers. I can use you as my DNS source.
nslookup yahoo.com 104.167.117.250
Server: 104.167.117.250
Address: 104.167.117.250#53
Non-authoritative answer:
Name: yahoo.com
Address: 98.138.253.109
Name: yahoo.com
Address: 98.139.183.24
Name: yahoo.com
Address: 206.190.36.45
Oh wow. Did you install Bind?
-
Also, why is your firewall off?
-
He must have! Or MaraDNS or whatever that competitor is called.
-
It's a DC. It's my failover. What do I need to change?
-
@thanksajdotcom said:
It's a DC. It's my failover. What do I need to change?
OH! He publicly exposed a Domain Controller!!!
You have it wide open, like it is sitting on a LAN. You have DNS, DHCP, AD, etc. open to the world because your "LAN" is the Internet!!
-
@thanksajdotcom said:
It's a DC. It's my failover. What do I need to change?
Change the zones the ports are allowed on. Only allow it on the VPN Zone. Aka Not Public.
-
Just lock down DNS to internal only or what?
-
I would never trust that DC again. Time to rebuild.
-
@Aaron-Studer said:
I would never trust that DC again. Time to rebuild.
It's secured with Webroot. Also, there's been no indication of an attack. I'm not decomming it without a good reason.
-
@thecreativeone91 said:
@thanksajdotcom said:
It's a DC. It's my failover. What do I need to change?
Change the zones the ports are allowed on. Only allow it on the VPN Zone. Aka Not Public.
Ok, so in Windows Firewall?
-
@thanksajdotcom said:
@Aaron-Studer said:
I would never trust that DC again. Time to rebuild.
It's secured with Webroot. Also, there's been no indication of an attack. I'm not decomming it without a good reason.
It's not like he'll have it for long anyway. He doesn't have a datacenter license for every CPU in the cloud so he can't run anything but a demo license that expires in 90 days there.
-
At least you don't have any open SMB shares.
-
@thecreativeone91 How do you know this? I bet he did; it is a domain controller after all.
-
I am using AJ as my DNS server now! THANKSAJ! =P
-
@scottalanmiller said:
@thanksajdotcom said:
@Aaron-Studer said:
I would never trust that DC again. Time to rebuild.
It's secured with Webroot. Also, there's been no indication of an attack. I'm not decomming it without a good reason.
It's not like he'll have it for long anyway. He doesn't have a datacenter license for every CPU in the cloud so he can't run anything but a demo license that expires in 90 days there.
Why don't you just run the Standard version? Granted, Cloud@Cloud, not having an infrastructure-based firewall option, is not really the place for something like a DC.