According to the German CERT-Bund reports, DNS open resolvers can be abused for DDoS reflection attacks against third parties. They describe a simple test to discover whether a server has this issue. One can execute the following command (replacing the IP with the IP of the server we want to test):
$ dig cert-bund.de @192.168.45.67
One of my servers, which uses Debian 12.5, has a DNS open resolver. However, I don't know how to avoid the open resolver. Some instructions say I should modify the BIND configuration. However, it seems BIND is not installed on the server:
$ aptitude show bind9
Package: bind9
Version: 1:9.18.24-1
State: not installed
...
How can I disallow the open resolver? I think I don't need it.
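
An added example, not part of the original post: a small shell function that reads the text output of the `dig` test above and reports whether the server answered as a recursive resolver. The classification rule (status NOERROR, `ra` flag set, at least one answer) and the sample outputs are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example: classify the text output of `dig <name> @<server>`.
# Heuristic (an assumption of this example): the server resolved the name
# recursively for us if status is NOERROR, the "ra" (recursion available)
# flag is set, and at least one answer record came back.
classify_dig_output() {
    awk '
        /->>HEADER<<-/ && match($0, /status: [A-Z]+/) {
            status = substr($0, RSTART + 8, RLENGTH - 8)
        }
        /^;; flags:/ {
            split($0, parts, ";")          # parts[3] is " flags: qr rd ra"
            ra = ((parts[3] " ") ~ / ra /)
            if (match($0, /ANSWER: [0-9]+/))
                answers = substr($0, RSTART + 8, RLENGTH - 8) + 0
        }
        END {
            if (status == "")
                print "no-response"        # no DNS header, e.g. a timeout
            else if (status == "NOERROR" && ra && answers > 0)
                print "open"
            else
                print "closed"
        }
    '
}

# Constructed sample outputs (header lines only), not captured from a real host.
SAMPLE_OPEN=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1111
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'

SAMPLE_REFUSED=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 2222
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'

SAMPLE_TIMEOUT=';; connection timed out; no servers could be reached'

# Demo on the constructed samples.
for sample in "$SAMPLE_OPEN" "$SAMPLE_REFUSED" "$SAMPLE_TIMEOUT"; do
    printf '%s\n' "$sample" | classify_dig_output
done

# Live use, run from a host outside the server's own network:
#   dig cert-bund.de @192.168.45.67 | classify_dig_output
```

Running the check again after any configuration change, from an external host, confirms whether the server still answers recursive queries for outsiders.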