CloudatCost OpenDNS Issue
- 
 @scottalanmiller said: And you definitely are running public DNS servers. I can use you as my DNS source. nslookup yahoo.com 104.167.117.250 Server: 104.167.117.250 Address: 104.167.117.250#53 Non-authoritative answer: Name: yahoo.com Address: 98.138.253.109 Name: yahoo.com Address: 98.139.183.24 Name: yahoo.com Address: 206.190.36.45Oh wow. Did you install Bind? 
- 
 Also, why is your firewall off? 
- 
 He must have! Or MaraDNS or whatever that competitor is called. 
- 
 It's a DC. It's my failover. What do I need to change? 
- 
 @thanksajdotcom said: It's a DC. It's my failover. What do I need to change? OH! He publicly exposed a Domain Controller!!! You have it wide open, like it is sitting on a LAN. You have DNS, DHCP, AD, etc. open to the world because your "LAN" is the Internet!! 
- 
 @thanksajdotcom said: It's a DC. It's my failover. What do I need to change? Change the Zone's the ports are allowed on. Only allow it on the VPN Zone. Aka Not Public. 
- 
 Just lock down DNS to internal only or what? 
- 
 I would never trust that DC again. Time to rebuild. 
- 
 @Aaron-Studer said: I would never trust that DC again. Time to rebuild. It's secured with Webroot. Also, there's been no indication of an attack. I'm not decomming it without a good reason. 
- 
 @thecreativeone91 said: @thanksajdotcom said: It's a DC. It's my failover. What do I need to change? Change the Zone's the ports are allowed on. Only allow it on the VPN Zone. Aka Not Public. Ok, so in Windows Firewall? 
- 
 @thanksajdotcom said: @Aaron-Studer said: I would never trust that DC again. Time to rebuild. It's secured with Webroot. Also, there's been no indication of an attack. I'm not decomming it without a good reason. It's not like he'll have it for long anyway. He doesn't have a datacenter license for every CPU in the cloud so he can't run anything but a demo license that expires in 90 days there. 
- 
 At least you don't have any open SMB shares. 
- 
 @thecreativeone91 How do you know this? I bet he did it is a domain controller after all. 
- 
 
- 
 I am using AJ as my DNS server now! THANKSAJ! =P 
- 
 @scottalanmiller said: @thanksajdotcom said: @Aaron-Studer said: I would never trust that DC again. Time to rebuild. It's secured with Webroot. Also, there's been no indication of an attack. I'm not decomming it without a good reason. It's not like he'll have it for long anyway. He doesn't have a datacenter license for every CPU in the cloud so he can't run anything but a demo license that expires in 90 days there. Why don't you just run the Standard version. Granted Cloud@Cloud not having a infrastructure based firewall option is not really the place for something like a DC. 
- 
 DNS is working great for me. 
- 
 @thecreativeone91 Me too. Super Fast! So much better then OpenDNS! 
- 
 Your firewall should be blocking everything on your public connection except RDP. 
- 
 @thecreativeone91 said: Why don't you just run the Standard version. Granted Cloud@Cloud not having a infrastructure based firewall option is not really the place for something like a DC. Standard isn't valid on a cloud. Because the VM moves around regularly and he can't lock it down, standard is not an option. Only DC is a valid option and only if he maintains a license for every CPU in the cloud. It's hundreds of millions of dollars to license Windows this way. While technical feasible, you can't actually run Windows on a cloud using your own licenses. You can in certain non-cloud VPS types, but not in this cloud-based VPS type. MS has special licenses that come from the provider to make this possible so that Amazon, for example, can offer it. 

