Open DNS Resolver
Posted: Sat Mar 22, 2014 4:42 pm
by lifestyle
I just received this email below from my ISP... I am new to RouterOS and I'm looking for some help on fixing this...
"You are receiving this email as it appears your system is running an open DNS resolver - this is usually due to an unnecessary service running on your wired or wireless router. This service is sometimes called 'DNS Relay' or 'DNS Proxy' and the ability to configure this service is generally found in your router's admin page. Most users can turn this feature off with no impact to internet service"
Re: Open DNS Resolver
Posted: Mon Mar 24, 2014 11:21 am
by janisk
Head over here
http://wiki.mikrotik.com/wiki/Manual:De ... igurations
and check the default firewall configurations that are set on SOHO routers, set something similar to this, or disable '/ip dns' allow-remote-requests (by setting that to no/false/unselecting the checkbox).
Re: Open DNS Resolver
Posted: Tue Mar 25, 2014 6:36 pm
by lifestyle
When not allowing remote requests is turned off, the debit/credit card machines hooked up to the router would not allow a transaction to complete. Would you have another suggestion?
Re: Open DNS Resolver
Posted: Fri Mar 28, 2014 3:56 pm
by galaxynet
Sure - try this:
Go to /ip firewall filter. Add rule, chain=input in-interface=the Public side interface protocol=udp dst-port=53 action=drop
Then add, chain=input in-interface=the Public side interface protocol=tcp dst-port=53 action=drop
These rules will drop any query to your public side interface port 53 (which is the DNS 'port'). It will let your private side query the routerboard for DNS info and will also allow the routerboard to make DNS requests to remote servers.
That should fix your open DNS resolver issue.
Thom
Re: Open DNS Resolver
Posted: Wed Nov 12, 2014 6:56 pm
by sixtycyclehum
Just wanted to say thanks for this thread. I'm a bit of a n00b still, and stuff like this is a big help to me.
Re: Open DNS Resolver
Posted: Thu Nov 13, 2014 2:10 pm
by galaxynet
You are welcome.
Thom
Re: Open DNS Resolver
Posted: Wed Nov 19, 2014 7:13 pm
by ryandenis
I had this same problem with about 3 MikroTiks I had deployed... When I unchecked the remote resolve DNS box, all DNS stopped on the internal network. I'm trying to add the firewall rule now to all of my routers and so far so good. Thank you!
Re: Open DNS Resolver
Posted: Thu Mar 01, 2018 5:44 am
by SDFadfasdfadsf
You have got to be fucking kidding me. Why is this still a default in 2018?
Re: Open DNS Resolver
Posted: Thu Mar 01, 2018 11:18 am
by Steveocee
"You have got to be fucking kidding me. Why is this still a default in 2018?"
Probably because the last post was dated in 2014?