HPE Community
WAN Routing
1753716 Members
4680 Online
108799 Solutions
New Discussion

H3C MSR30-40 - Need to close my open resolver on WAN port

 
Jeremy112
Advisor

‎10-22-2014 05:38 PM

‎10-22-2014 05:38 PM

H3C MSR30-40 - Need to close my open resolver on WAN port

Hello everyone. I have a H3C MSR30-40 router that I use in my home network. I have it setup to route internet on GigabitEthernet0/0 (WAN port) to GigabitEthernet0/1 (LAN) port to provide internet to the devices in my house.

 

My issue with it is I have been getting emails from my ISP about an "Open Resolver" and needing to fix it. Since I hadn't even heard of the term until the emails, I really have no idea how to close it or fix it, but I know its used for DDoS and I don't want my ISP to cancel my internet because of it.

 

So if anyone could help me out I would greatly appreciate it. It's a great router otherwise, and a top performer, I haven't had to reset it since installed about 9 months ago , I just need to take care of this issue.

 

Thanks :) Jeremy

0 Kudos
3 REPLIES 3
mertdemi
Advisor

‎10-29-2014 07:33 AM

‎10-29-2014 07:33 AM

Re: H3C MSR30-40 - Need to close my open resolver on WAN port

Hi Jeremy

 

I dont have a definite answer but I guess you might have dns resolver or dns proxy enabled.

 

You can test using this web site or similiar  http://openresolver.com/  by disabling these commands if it fixes your issues.

If you directly use DNS server of your ISP you can use them at your clients and you do not need resolver or proxy.

 

Regards

0 Kudos
Jeremy112
Advisor

‎10-31-2014 07:19 PM

‎10-31-2014 07:19 PM

Re: H3C MSR30-40 - Need to close my open resolver on WAN port

Hello Mertdemi,

 

Thank you for the reply, yes you are correct, I do have DNS Proxy enabled. The reason I haven't yet disabled it is because if I do, my network devices are unable to browse the internet, pages come up as "Page cannot be displayed". If I leave it enabled, it works fine, but I get the open resolver issue.

 

Do you know how to solve this? Thank you again for your response. :)

jwhiteker
Occasional Contributor

‎12-22-2015 09:31 AM

‎12-22-2015 09:31 AM

Re: H3C MSR30-40 - Need to close my open resolver on WAN port

I am having the same issue with an MSR 20-10 router.  Is there no other way to fix this open dns resolver issue on this router without shutting down it's DNS proxy ability?  I prefer to use the router as my DNS point instead of on each client.  What good is a DNS proxy setting on a router if it opens you up to being used as a DOS attack??

I've been told that many router manufacturers are upgrading firmware to get rid of this vulnerability.  I ran a firmware update from HPE last night on my router and it did not fix the issue.

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.