Vodafone wrote email offener Open DNS Resolver
Vodafon close Port 53
dig cert-bund.de @109.193.xx.xx
no line found
;; WARNING: recursion requested but not available
no Firewallrule activ
found in unbound.conf
Allow access from everywhere
access-control: 0.0.0.0/0 allow
Thanks Alpensegler
Hi,
yes, they periodically scan their customers networks (or process reports
from people who do so, such as Shadowserver)
and inform them about potential misconfigurations or vulnerabilities.
To my knowledge, access to Unbound is limited by firewall rules by default
so no access from RED network is possible. Could you run the dig command
against the current public IPv4 address of your DSL/cable connection again
and post the results here?
(From my own experience: Do you have a PlayStation/xBox or similar hardware
running in your network? Those unfortunately open up port 53 for multicast
purposes via UPnP. IPFire does not support this, but the router you got from
Vodafone probably does.)
Vodafon[e] close[d] Port 53
Yes, that’s their way of dealing with abuse coming from their own customers:
If they detect an open resolver, telnet server or similar and have access to
your device by TR-069 or other protocols, they close the corresponding port
there.
This again suggests you are running IPFire behind another router. Please
give us some more details regarding your setup.
Thanks, and best regards,
Peter Müller
Salut Peter Müller,
Modem(kabelbw)—ipfire(core144) 3 ipsec tunnel
3 debian Server 1 laptop no xbox
[root@fw ~]# dig # cert-bund.de @109.193.179.19
; <<>> DiG 9.11.18 <<>># dnsnamen-bund @109.193.179.19
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22962
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;dnsname. IN A
;; ANSWER SECTION:
dnsadress. 775 IN A 159.69.62.252
;; Query time: 0 msec
;; SERVER: 109.193.179.19#53(109.193.179.19)
;; WHEN: Wed May 13 18:08:30 CEST 2020
;; MSG SIZE rcvd: 57
[root@fw ~]#
Modem(kabelbw)—ipfire(core144) 3 ipsec tunnel
3 debian Server 1 laptop no xbox
Which network zones are configured at the IPFire? Where are the servers located?
[root@fw ~]# dig # cert-bund.de @109.193.179.19
I assume the second ‘#’ is a typo. Of course, this command will succeed if you execute it
on the firewall itself. Since Vodafone closed port 53, it makes no sense to attempt querying
that IP address from any other host on the internet.
Unfortunately I have no idea of what went wrong here. The default firewall ruleset makes it
very hard to set up an open resolved exposed on RED.
Thanks, and best regards,
Peter Müller
red green blue(hostap) yellow.
The Servers on green; blue for smartphone; yello nothing,
I am install core144, after restore the backup.
All working fine.
I dont understand this with port53
My english is not so good
Thanks, and best regards,
alpensegler
Hi,
I dont understand this with port53
to test whether something responds to DNS queries on port 53, you would
normally run dig @[your public IP] example.com. But since Vodafone closed
port 53 on your router, this is not possible.
If I got it right, your IPFire is located behind their route. So, if the
IPFire system is the open DNS resolver, you should be able to test this:
Connect a computer to the Vodafone router, and run dig @[RED IP address of your IPFire] example.com.
Could you please post the output of that command here?
Thanks, and best regards,
Peter Müller
Salü, Peter Müller
i forget an old snat rule in
/etc/sysconfig/firewall.local
something is o.k. port 53 closed
Many thanks
Lothar
Please do not add your own iptables rules unless you know what you are doing and have them peer reviewed.
Hi,
thanks for your reply. Glad this problem is now solved. You might want to inform your
ISP about that, as Vodafone refuses to do any customer support (especially if the customer
is complaining about bandwidth issues) until all abuse cases have been solved.
Thanks, and best regards,
Peter Müller