Recursive DNS

Questions about networking.
In the Original Post please also include the output of inxi -FNzxx
User avatar
Edd Juglans
Posts: 20
Joined: 01 Jul 2013 20:03
Location: Stansted, UK

Recursive DNS

Postby Edd Juglans » 11 Apr 2016 16:58

Please excuse me if this question is is the wrong section.

I received an email from my ISP (Plusnet) today.
____________________________________________________________

" - I'm sorry that you're experiencing problems with the firewall being turned on for your account. This will be due to an Recursive DNS/Open DNS responder coming from your connection.

This means that something on your network is responding to public DNS requests, this is why the firewall is being turned on. Unfortunately we can't advise which device it is as we simply wouldn't be able to tell, it could be the router, extender, booster box, android box or even a networked hard drive.

An open DNS resolver can be used in certain types of online attacks, so when we detect one we take steps to mitigate this until the problem is resolved.

If you require help resolving this fault, please follow the following forum post for help on this: https://community.plus.net/t5/Fibre-Bro ... 019#M36171

Please be advised until you've resolved this issue, the firewall will keep on being turned on. "
_____________________________________________________________

To be honest, I don't even know what a DNS server is or does, so could someone please advise me on what I can do about this issue?

User avatar
grizzler
Posts: 2034
Joined: 04 Mar 2013 15:45
Location: The Hague, NL

Re: Recursive DNS

Postby grizzler » 11 Apr 2016 20:02

Something on your 'network' is responding to DNS requests from 'the internet'. That is, when an external client sends a request to port 53 on your IP address, asking what the IP address of some other host/system is, it gets a reply. That's not supposed to happen.

As the ISP's mail indicated, it could be any device on your network. However, I would look at the router first. If that's not the culprit, it must be letting incoming requests on port 53 through. It shouldn't do that.

What devices do you have on your network?
Frank

SolydX EE 64 - tracking Debian Testing

User avatar
Zill
Posts: 1850
Joined: 13 Aug 2013 14:28
Location: Lincolnshire, UK

Re: Recursive DNS

Postby Zill » 11 Apr 2016 20:17

IMHO, this seems to be a strange email for you to receive from Plusnet "out of the blue". Have you been having problems with your internet connection and, if so, in what way?

The link you supplied to Plusnet forums does contain useful information if you read the whole thread. In particular, message #10 explains exactly what DNS is although, I should add, most home systems do not have a DNS server. However, I have no real knowledge of "recursive DNS" and why this should be a problem with your connection.

I suggest the best course of action is to contact Plusnet and get them to clarify exactly what they expect you to do about this. You should also consider how much "tweaking" you have done to your router and any connected computers or other devices. If you have knowingly installed any servers then this could be the problem. Have you enabled upnp on the router or added any port forwarding rules? The more "standard" your system is the less likely you are to experience any funnies.

Finally, I would ask, if your system is actually running well then have you got any reason why the router firewall should not be permanently turned on?

User avatar
Edd Juglans
Posts: 20
Joined: 01 Jul 2013 20:03
Location: Stansted, UK

Re: Recursive DNS

Postby Edd Juglans » 12 Apr 2016 08:57

Thank you all for helping out a floundering noob.

I've been a Plusnet customer for a number of years now, largely without any issues, so why this email 'out of the blue' is baffling.
There does seem to be some discussion in the Plusnet forums about the Government's new 'proposal' that will oblige ISPs to keep logs of all their customer's internet traffic for a number of months. It would appear there is some suspicion amongst customers who have received similar emails, that Plusnet are attempting to jump the gun a little by logging traffic through either their server-side firewall, or the customer's own Plusnet router firewall. At this point it's just speculation as we can't actually prove it.

That aside, looking at my standard, unfaffed-with Plusnet router settings, there appears to be a DNS server running, with no option to switch it off. I don't know what it means. DNS server set to Auto, Primary DNS set to 212.159.6.9 - and Secondary DNS set to 212.159.6.10 - router firewall set to default. UPNP set to enabled. I would post screenshots - but yes, I don't know how to do that either. I also did a DNScheck at http://www.thinkbroadband.com/tools/dnscheck.html - which resulted in "Success! We detected your IP address as 46.208.115.33 and did not find an open DNS resolver running".

My system is running perfectly, as you'd expect from SolydX, and I have closed port 53 in internal ufw firewall. The only fly in the ointment might be my wife's Windows 10 box. I think she's running some sort of Comodo firewall, haven't checked yet.

Do you think I'd be better off if I bought my own router? I don't really trust Plusnet's, to be honest. And what is the point of running ufw is you still need to router's firewall on?

User avatar
grizzler
Posts: 2034
Joined: 04 Mar 2013 15:45
Location: The Hague, NL

Re: Recursive DNS

Postby grizzler » 12 Apr 2016 09:41

As far as the e-mails are concerned, I think they may just be the result of some automated process to check for unwanted open DNS resolvers in their network and nothing more.

Those IP addresses in the router settings belong to Plusnet's own DNS servers. They're for your own use. If that router is a device supplied by your ISP, I don't think it would (should) be able to act as a DNS resolver for the internet. If it was, that would be a good reason to ask them for a replacement, because it would be broken.

The fact the DNScheck site doesn't see a DNS resolver at your IP address makes sense. After all, they switched on the firewall, didn't they?

If the firewall bothers you, I suggest you follow ZIll's advice and put some pressure on Plusnet. They want you to fix things? Let them tell you how to do that! If they supply devices that answer DNS request from the internet or allow those request through to the user's local network, they're the ones who should fix things.

Edit
On second thought, maybe that's what they just did. By switching on the firewall. Could be they realised they had supplied their customers with broken hardware and this was the 'fix'. Just speculating here...
Frank

SolydX EE 64 - tracking Debian Testing

User avatar
Zill
Posts: 1850
Joined: 13 Aug 2013 14:28
Location: Lincolnshire, UK

Re: Recursive DNS

Postby Zill » 12 Apr 2016 10:11

I agree with grizzler that the IP addresses you supplied are for the Plusnet DNS servers. I suggest that the router reference to "DNS server" simply indicates where your router goes to in order to lookup which numerical IP address corresponds to the url text address you type into your web browser. This can be either your ISP DNS server IPs or alternative DNS server IPs of your choosing. The router setting of "Auto" then, presumably, points to the ISP DNS server IPs, which in this case are run by Plusnet.

IMO, neither your router, nor any of your connected computers, should be running a DNS server.
Edd Juglans wrote:... Do you think I'd be better off if I bought my own router? I don't really trust Plusnet's, to be honest. And what is the point of running ufw is you still need to router's firewall on?
I don't think it is ever wrong to have another router! Unlocked routers are available cheaply (try ebay!) so you are not stuck with any weird ISP configurations. Regarding firewalls, I suggest that ufw is most important for computers (such as laptops) that are used away from home as these are most at risk. All home routers automatically provide a high degree of firewall-type protection via NAT (Network Address Translation), making ufw unnecessary for fixed computers.

User avatar
ilu
Posts: 2005
Joined: 09 Oct 2013 12:45

Re: Recursive DNS

Postby ilu » 14 Apr 2016 14:54

I don't get what kind of "firewall" plusnet turned on there. Routers usually have a NAT system which might be considered a firewall and that should be on by default for your own protection. If they had to turn that on just now they were delivering broken hardware before as grizzler said. Something to complain about but not for the reason you imagined.

But I'm wondering how plusnet can turn something on or off on your devices though. This means there is a backdoor on the device that allows remote administration. If plusnet can administer your router frome remote anybody else can theoretically do so too. Your safety relies on plusnet keeping the data for remote access safe and I certainly would not rely on that. So yes, I would buy my own router. But I would turn the NAT firewall on myself which it should be by default. And I would make sure every remote access to the device is closed - which should also be default.

UFW is good to ensure that there are no services offered by your computer by mistake. And it might prevent software from calling home if configured that way (which open software should not do). And on mobile devices as Zill said.

Regarding government monitoring your traffic: rest assured, they do that anyway (ever heard the tale about Snowden and the Seven - err Five - Eyes ?). They don't need your router for that.

Edit: sorry I missed the big british flag.

mhwelsh
Posts: 241
Joined: 15 Apr 2013 18:48

Re: Recursive DNS

Postby mhwelsh » 14 Apr 2016 15:30

I have been with Plus Net since before it was Plus Net. I am a force9 customer.
They have provided a trustworthy service and they even used to answer the phone.
When you have hiccups on your broadband the first thing they ask you to is to try another modem. They sent me one and I bought it at a reasonable price rather than send it back. I now use a wireless router so I bought a spare one of those again for about £20 Redstore.com.

Modems and routers can be difficult to understand/set up to the normal computer plonker so it is wise to set up a spare before needing it in anger.

One disadvantage of Plus Net is the complexity of the web site. It covers everything and as you appreciate it is only as big as your monitor. In the website, the member section, there is a page with service messages and this may well give you more information. It is worth finding.

I have a fixed isp but obviously use their DNS servers.


martin welsh


Return to “Networking”

Who is online

Users browsing this forum: No registered users and 1 guest