Forum Discussion

samosa
Superfast
2 months ago

Received email from VM: open DNS vulnerability

I received an email from VM Security saying that a device has an ODNSR vulnerability.

We're writing to let you know that a device connected to your home network has been identified as having a potential Open DNS Resolver (ODNSR) vulnerability.

I operate an OPNsense firewall/router with all LAN traffic passing through Unbound DNS configured as the primary resolver. This system has been running for several months, but I recently rebuilt it (earlier this week) to refine its configuration, and the date it was rebuilt coincides with the date of the scan.

The OPNsense device operates on a dedicated subnet, separate from the subnet managed by my Virgin Media Hub 5.

I’ve retained the Hub 5 primarily as a Wi-Fi failover/redundancy solution to ensure uninterrupted wireless connectivity in case the OPNsense system requires maintenance or encounters issues.

I have checked all the configuration again, and the only thing I forgot to tick was to enable DNSSEC Support; I've now done this. Is there any way this could be a false positive, and how can I get VM to scan again to see if the vulnerability is still present?

3 Replies

  • Client62
    Alessandro Volta


    You can check this easily.

    Perform: nslookup hp.com Public_IP

    If your Public_IP works as a DNS resolver the problem persists.

    If the DNS request times out / fails the issue is resolved.
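    The check Client62 describes can also be scripted so it is repeatable after each firewall change. The following is an added example, not code from the thread, from OPNsense or from Virgin Media: it sends one recursive A query (for hp.com, the name used above) to the public IP over UDP/53 and classifies the reply. The 3-second timeout, the classification labels and the constructed sample responses used for testing are this example's own assumptions.

```python
import secrets
import socket
import struct
import sys

# Added example: a minimal open-resolver probe. It does the same thing as
# "nslookup hp.com Public_IP": ask the address under test to resolve a name
# recursively and see whether it answers. A timeout is the desired outcome.


def build_query(name: str, txid: int) -> bytes:
    """Build a standard DNS A/IN query with the RD (recursion desired) bit set."""
    # flags 0x0100 = QR=0 (query), opcode 0, RD=1; one question, no other records
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        struct.pack("B", len(label)) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def classify_response(query: bytes, response: bytes) -> str:
    """Classify a raw DNS reply to `query` using only its 12-byte header.

    Returns one of: 'open_resolver', 'refused', 'no_answer', 'mismatch', 'malformed'.
    """
    if len(response) < 12:
        return "malformed"
    txid, flags, _qdcount, ancount, _, _ = struct.unpack("!HHHHHH", response[:12])
    if txid != struct.unpack("!H", query[:2])[0]:
        return "mismatch"            # not a reply to our query (spoofed or stale)
    if not flags >> 15:
        return "malformed"           # QR bit clear: this is a query, not a response
    ra = (flags >> 7) & 1            # RA: server says it offers recursion
    rcode = flags & 0x0F
    if rcode == 5:
        return "refused"             # REFUSED: answered, but will not recurse for us
    if rcode == 0 and ra and ancount > 0:
        return "open_resolver"       # recursed on our behalf and returned records
    return "no_answer"               # e.g. SERVFAIL, or RA set but nothing returned


def constructed_response(query: bytes, flags: int, ancount: int) -> bytes:
    """Constructed sample reply for offline testing (header + echoed question only)."""
    txid = struct.unpack("!H", query[:2])[0]
    return struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0) + query[12:]


def probe(ip: str, name: str = "hp.com", timeout: float = 3.0) -> str:
    """Send the query to ip:53 over UDP. 'timeout' means nothing answered (good)."""
    txid = secrets.randbelow(0x10000)
    query = build_query(name, txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (ip, 53))
            data, _addr = s.recvfrom(4096)
        except socket.timeout:
            return "timeout"
    return classify_response(query, data)


if __name__ == "__main__":
    # usage: python probe.py <public-ip>   (run from OUTSIDE your own network)
    print(probe(sys.argv[1]))
```

    Run it from a host outside the network being tested (a phone hotspot or a remote VPS), since a query from inside the LAN will be answered by Unbound by design and tells you nothing about the WAN side. Only 'timeout' or 'refused' indicates the WAN interface is no longer serving recursive DNS; 'open_resolver' means the problem persists.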

    • samosa
      Superfast

      Thanks for your reply. 

      I believe the issue is down to NAT having incorrectly been set to forward requests from interface WAN to 127.0.0.1 rather than LAN. I've made the change and the firewall logs look a lot better; however, I'm not getting any timeouts when running your command as above.