DNS Resolvers Abuse - warning from VPS?

Hello everyone,

I’m hosting an ERPNext instance on a VPS in Germany, and then I created an A Record (via namecheap) that points a subdomain to the VPS. I host nothing else on the VPS, and I’ve setup ERPNext via the method described on this discussion thread that I created: Easy Install is definitely bugged on Ubuntu 18.04 - #7 by Tufan_Kaynak2

I received an email today from my VPS host stating that they received the security alert below from the German Federal Office for Information Security (BSI). Any idea what’s the cause of this or how to resolve it??

Dear Sir or Madam,

open DNS resolvers are abused for conducting DDoS reflection/
amplification attacks against third parties on a daily basis.

Affected systems on your network:

Format: ASN | IP | Timestamp (UTC)
24940 | My VPS’s IP Address | 2019-11-26 03:11:51

We would like to ask you to check if the open resolvers identified
on your network are intentionally configured as such and appropriate
countermeasures preventing their abuse for DDoS attacks have been
implemented.
Additional information on this notification, advice on how to fix
reported issues and answers to frequently asked questions:
https://reports.cert-bund.de/en/

Hello trynix,

We are in the same situation:

Kind regards,

Alb

Hi again,

I found a way to disalow open dns-resolver in dnsmasq:

As they indicate at the end of the thread, you can change configuration file /etc/dnsmasq.conf and then restart dnsmasq: service dnsmasq restart

And now at last, recheking my ip address, I see status refused when I ding my ip address.

Is there a way that this can be configured by defect on ERPNExt?

Many thanks and kind regards,

Alb

p.s I tried to write this on the other thread, but the system wouldn’t allow me to write 3 consecutive replies together

Hello!!

Thank you for your response! What change worked for you, was it just uncommenting the no-resolv line in the dnsmasq conf file?

Hello Trynix,

Yes, I think so. Uncomment it ans restart dnsmasq.

Is it working for you?

Kind regards,

Alb

Hi pagliaso,

Not sure and probably won’t know for a fact. What I did was I contacted my DNS provider and shared the email from CERT. They ran a few tests and replied to me that what they’re doing is fully in-line with CERT’s requirements (https://www.bsi.bund.de/EN/Topics/IT-Crisis-Management/CERT-Bund/C), and they shared the results and asked for more details from CERT on the issue in order to comply. I contacted CERT with the details from the DNS provider, and CERT whitelisted my VPS’s IP address.

Hope this helps.