DNS with Relaying Off

benfaust · 22nd November 2013, 03:58

Yesterday, our dedicated server host contacted me saying our server was being used to attack others using DNS Relaying (apparently they're spoofing IPs to have us return data to them). They instructed me to turn off DNS Relaying. After doing so, the two Shoutcast servers we run still accept input and show as being up on the related web page, but cannot be listened to anywhere and they no longer show up in the Shoutcast directory. The only thing that changed was the DNS Relaying. Is there any way to make the Shoutcast server work with Relaying turned off?

ThiefMaster · 22nd November 2013, 19:42

DNS relaying attacks have nothing to do with Shoutcast at all.

Sounds like your ISP was talking about a DNS amplification attack. You need to change your nameserver's config (usually bind) so people cannot it to perform recursive lookups for domains the nameserver is not authoritative for.

If you do not know how to fix that or do not have root privileges on the machine consider asking someone with enough knowledge (and root access) to do it.

benfaust · 22nd November 2013, 20:33

Thanks, ThiefMaster, your reply sent me in the right direction. I found out how to allow recursion for the localhost, and the streams are now working again. Hopefully I didn't open it wide enough to re-enable the attacks. If you happen to know some other way besides that, something that limits it to domains (although I'm using an IP address for the players), I'm very inexperienced with server management (I manage ours out of necessity) and welcome advice!

ThiefMaster · 22nd November 2013, 20:34

Use http://dnscheck.iis.se/ - I'm sure it checks for open resolvers, too.

22nd November 2013, 03:58	#1
benfaust Junior Member Join Date: Aug 2008 Location: Harrisonburg, VA Posts: 3	DNS with Relaying Off Yesterday, our dedicated server host contacted me saying our server was being used to attack others using DNS Relaying (apparently they're spoofing IPs to have us return data to them). They instructed me to turn off DNS Relaying. After doing so, the two Shoutcast servers we run still accept input and show as being up on the related web page, but cannot be listened to anywhere and they no longer show up in the Shoutcast directory. The only thing that changed was the DNS Relaying. Is there any way to make the Shoutcast server work with Relaying turned off?

22nd November 2013, 20:33	#3
benfaust Junior Member Join Date: Aug 2008 Location: Harrisonburg, VA Posts: 3	Working Thanks, ThiefMaster, your reply sent me in the right direction. I found out how to allow recursion for the localhost, and the streams are now working again. Hopefully I didn't open it wide enough to re-enable the attacks. If you happen to know some other way besides that, something that limits it to domains (although I'm using an IP address for the players), I'm very inexperienced with server management (I manage ours out of necessity) and welcome advice!

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Switch to Linear Mode Hybrid Mode Switch to Threaded Mode

22nd November 2013, 19:42	#2
ThiefMaster Junior Member Join Date: Mar 2003 Posts: 21	DNS relaying attacks have nothing to do with Shoutcast at all. Sounds like your ISP was talking about a DNS amplification attack. You need to change your nameserver's config (usually bind) so people cannot it to perform recursive lookups for domains the nameserver is not authoritative for. If you do not know how to fix that or do not have root privileges on the machine consider asking someone with enough knowledge (and root access) to do it.

22nd November 2013, 20:34	#4
ThiefMaster Junior Member Join Date: Mar 2003 Posts: 21	Use http://dnscheck.iis.se/ - I'm sure it checks for open resolvers, too.