Hurricane Electric's IPv6 Tunnel Broker Forums


Author Topic: Are tunnel endpoints open DNS resolvers?  (Read 45 times)

snarked (Hero Member, Posts: 794)
Are tunnel endpoints open DNS resolvers?
« on: September 11, 2021, 08:59:30 AM »

I have rate limiting enabled in my DNS server. I'm getting rate limiting messages in my system logs for DNS queries that appear to be from HE's tunnel server. Example:

Quote
11-Sep-2021 08:23:52.542 client @0x7fcf905af6e0 66.220.18.42#26678 (DELETED-bl.snarked.net): rate limit slip NODATA response to 66.220.18.0/24 for DELETED-bl.snarked.net IN  (2d03f8d7)

I see no reason for a tunnel server to be the source of a query for any hosted domain outside of HE itself.  Is there a security hole permitting them to be open resolvers?

I have masked the actual query by deleting part of it, but left enough of it to show that it is a DNSBL entry, not a hostname query.  Why would a tunnel server be checking my private list (and furthermore, the list being checked is not an IPv4, IPv6, or a domain name list, but something else)?  66.220.18.42 is the Los Angeles tunnel server endpoint address.
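As an added example (not code from the post, and not anything of Hurricane Electric's), here is a small Python tool that parses BIND response-rate-limiting (RRL) log lines of the shape quoted in the post, aggregates them per limited prefix, and lists the prefixes that fall outside the networks you expect to query the zone. The sample log is constructed: only the 66.220.18.42 address comes from the post; the example.net names, the 192.0.2.0/24 and 2001:db8::/32 "expected querier" networks and the bucket hashes are placeholders, and the exact message wording (optional "@0x..." client handle, "slip|drop [KIND] response to PREFIX for NAME CLASS [TYPE] (BUCKET)") is assumed from the one line in the post.

```python
"""Parse BIND RRL log lines and summarise who is being limited, per
aggregated prefix, for which names.

Added example; not code from the forum post or from Hurricane Electric.
Assumed message shape (from the line in the post):
  [ts] [category: severity:] client [@0xHANDLE] IP#PORT (QNAME): rate limit
      slip|drop [KIND] response to PREFIX for NAME CLASS [TYPE] (BUCKET)
"""
import ipaddress
import re
from collections import Counter, defaultdict

RRL_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?:[\w-]+: )*client (?:@0x[0-9a-fA-F]+ )?"
    r"(?P<client>[0-9a-fA-F.:]+)#(?P<port>\d+) \((?P<qname>[^)]*)\): "
    r"rate limit (?P<action>slip|drop) (?:(?P<kind>\S+) )?responses? to "
    r"(?P<prefix>\S+) for (?P<name>\S+) (?P<rclass>\S+) (?P<qtype>\S*) "
    r"\((?P<bucket>[0-9a-fA-F]+)\)$"
)

# Constructed sample log (hypothetical names, ports and bucket hashes; only
# 66.220.18.42 is from the post). Line 3 carries the optional
# "category: severity:" prefix; line 5 is an ordinary query-log line that
# the parser must ignore.
SAMPLE_LOG = """\
11-Sep-2021 08:23:52.542 client @0x7fcf905af6e0 66.220.18.42#26678 (2.0.192.bl.example.net): rate limit slip NODATA response to 66.220.18.0/24 for 2.0.192.bl.example.net IN  (2d03f8d7)
11-Sep-2021 08:23:53.101 client @0x7fcf905af6e0 66.220.18.42#40211 (9.0.192.bl.example.net): rate limit drop NODATA response to 66.220.18.0/24 for 9.0.192.bl.example.net IN  (1a0b77c2)
11-Sep-2021 08:24:01.007 rate-limit: info: client @0x7fcf90611a20 192.0.2.10#53471 (mail.example.net): rate limit slip error response to 192.0.2.0/24 for mail.example.net IN A (9f3e0010)
11-Sep-2021 08:24:02.330 client @0x7fcf90611a20 2001:db8:0:1::25#5353 (www.example.net): rate limit slip NXDOMAIN response to 2001:db8::/56 for www.example.net IN AAAA (77ab0c1d)
11-Sep-2021 08:24:05.913 client @0x7fcf90611a20 192.0.2.10#53471 (mail.example.net): query: mail.example.net IN A +E(0) (198.51.100.1)
"""


def parse_rrl_line(line):
    """Return a dict for one RRL log line, or None for any other line."""
    m = RRL_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["client"] = ipaddress.ip_address(rec["client"])
    rec["prefix"] = ipaddress.ip_network(rec["prefix"], strict=False)
    rec["port"] = int(rec["port"])
    rec["qtype"] = rec["qtype"] or None  # the type field is empty on NODATA lines
    # RRL accounts per aggregated prefix (/24 for IPv4, /56 for IPv6 by
    # default), so the logged prefix must contain the logged client address.
    rec["prefix_consistent"] = rec["client"] in rec["prefix"]
    return rec


def summarize(lines):
    """Aggregate RRL events by limited prefix: event count, the client
    addresses seen inside it, the names they asked for, and slip vs drop."""
    prefixes = defaultdict(
        lambda: {"events": 0, "clients": set(), "names": set(), "actions": Counter()}
    )
    skipped = 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_rrl_line(line)
        if rec is None:
            skipped += 1
            continue
        entry = prefixes[str(rec["prefix"])]
        entry["events"] += 1
        entry["clients"].add(str(rec["client"]))
        entry["names"].add(rec["name"])
        entry["actions"][rec["action"]] += 1
    return {"prefixes": dict(prefixes), "skipped": skipped}


def unexpected_prefixes(summary, expected_nets):
    """Limited prefixes that lie outside every network you expect to query
    the zone (your own hosts, the mail servers that consult the DNSBL)."""
    expected = [ipaddress.ip_network(n) for n in expected_nets]
    out = []
    for p in summary["prefixes"]:
        net = ipaddress.ip_network(p)
        if not any(net.version == e.version and net.subnet_of(e) for e in expected):
            out.append(p)
    return sorted(out)


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG.splitlines())
    for prefix, entry in sorted(summary["prefixes"].items()):
        print(f"{prefix}: {entry['events']} events {dict(entry['actions'])} "
              f"clients={sorted(entry['clients'])} names={sorted(entry['names'])}")
    print("ignored non-RRL lines:", summary["skipped"])
    print("limited prefixes outside expected querier networks:",
          unexpected_prefixes(summary, ["192.0.2.0/24", "2001:db8::/32"]))
```

The "to 66.220.18.0/24" in the log is RRL's accounting bucket (a /24 for IPv4, /56 for IPv6 by default), not a claim that the whole block queried you; the per-prefix client set is what tells you which addresses actually did. Whether an address will recurse for outsiders is a separate test from reading your own logs: send it a query, with the RD bit set, for a name it is not authoritative for and see whether it returns an answer.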