This morning I got a letter from my ISP saying that my Ubuntu Server (13.10) can be used as an "open DNS resolver". They propose 3 possible solutions to fix this problem:
- Limit access to recursive servers
- Authorisation servers are not allowed to implement recursion
- The access to your server could be limited by using a firewall
So I did some research and found out (through http://www.openresolver.jp/en/) that my server is indeed vulnerable. The problem, however, is that according to my whereabouts, I never installed a DNS server on the machine.
After reading a bit more, I found out that DNSMasq is installed by default and people suggest securing it, but I can't find any config file whatsoever. When I run

    ps aux | grep dnsmasq

I do get:

    server 21966 0.0 0.0 8172 952 pts/1 S+ 09:09 0:00 grep --color=auto dnsmasq
Also, I have a feeling my OpenVPN service could have something to do with it. My server is still vulnerable even after I disable my OpenVPN service.
I would be thankful to anyone who has any tip(s) or advice on how to make my server safe and shut down or secure the responsible service. If I don't manage to solve the issue, my ISP will disconnect me from the network.