Mail in a box of DNS server

Hey, so, uh, the Mail-in-a-Box DNS server is vulnerable to amplification attacks. What should I do about that, or how will that be fixed?

I don’t understand the screenshot - pretty much any DNS server would respond in the way described in the screenshot. Can you be more specific?

I am unable to repeat your results:

$ host google.com ns1.box.occams.info
Using domain server:
Name: ns1.box.occams.info
Address: 94.76.202.152#53
Aliases: 

Host google.com not found: 5(REFUSED)

(Note I am on Linux, where, if I understand it correctly, host is the equivalent of Windows nslookup.)

I get the same result using my own MiaB as well as the one for the domain in the image.

Normally it shouldn’t be responding; it should only be responding with the ones that it’s serving, not others, unless you’re running like a public DNS server that’s supposed to serve people’s DNSs.

I have not been able to reproduce this either. In all cases, I get a REFUSED when attempting to query your MiaB DNS server for www.ionos.com as should be.

Perhaps you did an incorrect lookup? I am not familiar with the syntax of the Windows ‘command line’… however, entering the same on an Ubuntu command line will return the correct DNS lookup for www.ionos.com. You may have missed a very important bit of syntax. Again though, I do not know the correct syntax for Windows.

For Ubuntu: dig @ns1.box.domain.tld www.ionos.com

Same here, can’t reproduce. DNS lookups are denied.

C:\Users\micro>nslookup www.microsoft.com ns1.box.<XXXX>.<XX>
Server:  UnKnown
Address:  116.203.235.<XXX>

*** UnKnown can't find www.microsoft.com: Query refused

C:\Users\micro>nslookup www.google.com ns1.box.<XXXX>.<XX>
Server:  UnKnown
Address:  116.203.235.<XXX>

*** UnKnown can't find www.google.com: Query refused

Aren’t amplification attacks a problem of recursive domain name servers? If I understand the configuration of MiaB correctly, nsd4 faces externally and this is a non-recursive server. Bind9 is used internally to provide a recursive server. Among other things, shouldn’t this ameliorate the attack type you mention?

I am by no means an expert in this area so please don’t take this as gospel but merely a suggested line of research to understand whether there is a potential problem.

2 Likes
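Added example, not part of the thread and not Mail-in-a-Box code: the replies above check for REFUSED on out-of-zone names, and this sketch does the same check on the raw DNS header, also reading the RA (recursion available) flag and the response/query size ratio that matters for amplification. The function names and the sample packets are constructed for illustration; on a real box you would feed it bytes received over UDP from your own server.

```python
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234, qtype=1):
    """Build a minimal DNS query (RD bit set, class IN) for `name`."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def assess_response(query, response):
    """Classify a server's reply to a query for a name it is NOT authoritative for."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if qid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        raise ValueError("not a response to this query")
    rcode = flags & 0x000F
    recursion_available = bool(flags & 0x0080)
    return {
        "rcode": RCODES.get(rcode, str(rcode)),
        "recursion_available": recursion_available,
        "answers": ancount,
        # Bytes sent back per byte received: the figure that matters for amplification.
        "amplification": round(len(response) / len(query), 2),
        # Answering an out-of-zone name with RA set means it recurses for strangers.
        "open_resolver": recursion_available and rcode == 0 and ancount > 0,
    }

def _reply(query, flags, ancount=0, extra=b""):
    """Constructed sample reply: echoes the ID and question section of the query."""
    return query[:2] + struct.pack("!HHHHH", flags, 1, ancount, 0, 0) + query[12:] + extra

# Constructed sample data (not captured traffic).
QUERY = build_query("www.example.com")
# What the thread reports: QR=1, RD echoed, RA=0, RCODE=5 (REFUSED).
REFUSED_REPLY = _reply(QUERY, 0x8105)
# What an open recursive resolver would send: RA=1, NOERROR, one A record.
A_RECORD = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
OPEN_REPLY = _reply(QUERY, 0x8180, 1, A_RECORD)

if __name__ == "__main__":
    print("refused:", assess_response(QUERY, REFUSED_REPLY))
    print("open:   ", assess_response(QUERY, OPEN_REPLY))
```

A REFUSED reply is the same size as the query here (ratio 1.0), while the recursive answer is larger than the query that triggered it.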

I think it was just Windows? But Linux does what you say.

OK, I know why it’s doing it: it’s because my ISP is having it use its own DNS when the DNS the PC uses does not give its info.

Never mind, it’s doing it again. I’m SSHed into my Linux server and it’s doing it again, so this is more than likely not a Windows issue.

Is this the MiaB server, or a different server?

I did it on 2 of my VPSs: 1 is the MiaB VPS, and 1 on my Windows PC.

When I run host example.com ns1.box.example.net I get the same result of REFUSED, no matter what MiaB install I run the test with.

Your problem seems local, as nobody has discovered the same problem with any MiaB install.

In fact, while logged into my MiaB, which is example.net, I get the REFUSED response.

Can I PM you the info?

I feel like it would be a bad idea to post it here, as it has my servers’ IPs.

Solved in PMs, thanks for the great help.