CloudatCost OpenDNS Issue
-
And you definitely are running public DNS servers. I can use you as my DNS source.
nslookup yahoo.com 104.167.117.250
Server: 104.167.117.250
Address: 104.167.117.250#53

Non-authoritative answer:
Name: yahoo.com
Address: 98.138.253.109
Name: yahoo.com
Address: 98.139.183.24
Name: yahoo.com
Address: 206.190.36.45
-
How did this happen?
-
OpenDNS and Open DNS aren't the same. Do a port scan on port 53. Lock down Port 53 via the firewall.
-
@scottalanmiller said:
And you definitely are running public DNS servers. I can use you as my DNS source.
nslookup yahoo.com 104.167.117.250
Server: 104.167.117.250
Address: 104.167.117.250#53

Non-authoritative answer:
Name: yahoo.com
Address: 98.138.253.109
Name: yahoo.com
Address: 98.139.183.24
Name: yahoo.com
Address: 206.190.36.45
Oh wow. Did you install Bind?
-
Also, why is your firewall off?
-
He must have! Or MaraDNS or whatever that competitor is called.
-
It's a DC. It's my failover. What do I need to change?
-
@thanksajdotcom said:
It's a DC. It's my failover. What do I need to change?
OH! He publicly exposed a Domain Controller!!!
You have it wide open, like it is sitting on a LAN. You have DNS, DHCP, AD, etc. open to the world because your "LAN" is the Internet!!
-
@thanksajdotcom said:
It's a DC. It's my failover. What do I need to change?
Change the Zones the ports are allowed on. Only allow it on the VPN Zone. AKA not public.
-
Just lock down DNS to internal only or what?
-
I would never trust that DC again. Time to rebuild.
-
@Aaron-Studer said:
I would never trust that DC again. Time to rebuild.
It's secured with Webroot. Also, there's been no indication of an attack. I'm not decomming it without a good reason.
-
@thecreativeone91 said:
@thanksajdotcom said:
It's a DC. It's my failover. What do I need to change?
Change the Zones the ports are allowed on. Only allow it on the VPN Zone. AKA not public.
Ok, so in Windows Firewall?
-
@thanksajdotcom said:
@Aaron-Studer said:
I would never trust that DC again. Time to rebuild.
It's secured with Webroot. Also, there's been no indication of an attack. I'm not decomming it without a good reason.
It's not like he'll have it for long anyway. He doesn't have a datacenter license for every CPU in the cloud so he can't run anything but a demo license that expires in 90 days there.
-
At least you don't have any open SMB shares.
-
@thecreativeone91 How do you know this? I bet he did; it is a domain controller after all.
-
I am using AJ as my DNS server now! THANKSAJ! =P
-
@scottalanmiller said:
@thanksajdotcom said:
@Aaron-Studer said:
I would never trust that DC again. Time to rebuild.
It's secured with Webroot. Also, there's been no indication of an attack. I'm not decomming it without a good reason.
It's not like he'll have it for long anyway. He doesn't have a datacenter license for every CPU in the cloud so he can't run anything but a demo license that expires in 90 days there.
Why don't you just run the Standard version? Granted, Cloud@Cloud not having an infrastructure-based firewall option is not really the place for something like a DC.
-
DNS is working great for me.