Hurricane Electric's IPv6 Tunnel Broker Forums


Author Topic: Are tunnel endpoints open DNS resolvers?  (Read 44 times)


Are tunnel endpoints open DNS resolvers?
« on: September 11, 2021, 08:59:30 AM »

I have rate limiting enabled in my DNS server. I'm getting rate limiting messages in my system logs for DNS queries that appear to be from HE's tunnel server. Example:

11-Sep-2021 08:23:52.542 client @0x7fcf905af6e0 ( rate limit slip NODATA response to for IN  (2d03f8d7)

I see no reason for a tunnel server to be the source of a query for any hosted domain outside of HE itself.  Is there a security hole permitting them to be open resolvers?

I have masked the actual query by deleting part of it, but left enough of it to show that it is a DNSBL entry, not a hostname query.  Why would a tunnel server be checking my private list (and furthermore, the list being checked is not an IPv4, IPv6, or a domain name list, but something else)? is the Los Angeles tunnel server endpoint address.