My internal IP is spammed with DNS records, how to limit them? Please help
I am using AdGuard Home as DNS server, and strange records from IP addresses not in the LAN appear with great frequency.
Without any actual details of your setup or what you mean by 'spammed' there's no way we can realistically help.
Would you copy and paste the system log including what happened just before the spamming started?
Highlight the paste and hit the " in the tool bar.
I am using AdGuard Home as DNS server, and strange records from IP addresses not in the LAN appear with great frequency.
That helps us help you in no way.
Which is it.
Actually that is not worth asking; just show us what you see that is alarming you.
I cannot attach images or files
You do not know how to copy and paste?
too many requests per second, increasing the number of connections
08:48:53
4/1/2024
Type: TXT, Plain DNS
Processed
0.11 ms
08:48:53
4/1/2024
Type: TXT, Plain DNS
Processed
0.16 ms
Hit the refreshing button (top right) and it will pause polling.
Spam according to DNS records from a strange IP address
Is your firewall allowing incoming WAN connections on port 53? Post your /etc/config/firewall
config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'Port Forwards DNS'
	list proto 'udp'
	option src 'lan'
	option src_dport '53'
	option dest_ip '192.168.2.1'
	option dest_port '5353'

Only DNS records from LAN, not set up from WAN
How to deny these DNS connections? Because they clog records and increase the number of active connections. Active Connections 28909/65536
I'm borrowing this from psherman
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </>" button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
Take a breath.
We get it, you are alarmed, but we cannot help you in a panic.
and pause OpenWrt polling by hitting the refresh button in the top right.
Nonsense. If this external IP is showing up as a DNS client in the query log, you're letting some unwanted traffic into your network. Post the full /etc/config/firewall.
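The check asked for above (does /etc/config/firewall let WAN traffic reach port 53?), as an added Python example that is not part of any post in this thread. The sample config is constructed, the zone name `wan` is an assumption, and the function names are hypothetical.

```python
import shlex

# Constructed sample in /etc/config/firewall (UCI) syntax, not the poster's file.
SAMPLE = """
config redirect
	option name 'Port Forwards DNS'
	option src 'lan'
	option src_dport '53'
config rule
	option name 'Allow-DNS-test'
	option src 'wan'
	option dest_port '53'
	list proto 'udp'
	option target 'ACCEPT'
"""

def parse_uci(text):
    """Parse UCI text into sections: {'_type': str, key: [values...]}."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if len(tok) >= 2 and tok[0] == "config":
            sections.append({"_type": tok[1]})
        elif len(tok) >= 3 and tok[0] in ("option", "list") and sections:
            sections[-1].setdefault(tok[1], []).append(tok[2])
    return sections

def covers_53(spec):
    """True if a port spec such as '53', '53 853' or '50-60' includes 53."""
    for part in spec.split():
        lo, _, hi = part.partition("-")
        if lo.isdigit() and (hi or lo).isdigit() and int(lo) <= 53 <= int(hi or lo):
            return True
    return False

def wan_dns_exposure(text, wan="wan"):
    """List sections that let traffic from the wan zone reach port 53."""
    hits = []
    for s in parse_uci(text):
        get = lambda k, d="": " ".join(s.get(k, [d]))
        kind, name = s["_type"], get("name", "(unnamed)")
        l4 = set(get("proto", "tcp udp").lower().split()) & {"tcp", "udp", "tcpudp", "all"}
        port = get("src_dport" if kind == "redirect" else "dest_port", "53")  # unset = every port
        if kind == "zone" and name == wan and get("input").upper() == "ACCEPT":
            hits.append("zone " + name)  # router accepts all input from WAN
        elif kind in ("rule", "redirect") and get("src") == wan and l4 and covers_53(port):
            if kind == "redirect" or get("target").upper() == "ACCEPT":
                hits.append(kind + " " + name)
    return hits
```

A redirect whose `src` is `lan`, like the one posted earlier in the thread, is not reported; only sections sourced from the WAN zone are.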
root@CI:~# cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix '
	option packet_steering '1'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth4'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '10.3.175.253'
	option netmask '255.255.255.0'
	option gateway '10.3.175.1'

config interface 'wan'
	option device 'eth1'
	option proto 'pppoe'
	option username '*'
	option password '*'
	option ipv6 'auto'
	option mtu '1492'
	option peerdns '0'
	option ip6assign '64'
	list ip6class 'local'
	option metric '3'
	list dns '192.168.2.1'

config interface 'LAN'
	option proto 'static'
	option device 'eth2'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'
	option delegate '0'
	option ip6assign '64'
	list ip6class 'wan_6'
	list dns '192.168.2.1'
root@CI:~# cat /etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option localservice '1'
	option ednspacket_max '1232'
	option confdir '/tmp/dnsmasq.d'
	list server '192.168.2.1'
	list server '8.8.8.8'
	list server '1.1.1.1'

config dhcp 'lan'
	option interface 'lan'
	option start '10'
	option limit '100'
	option leasetime '12h'
	option dhcpv4 'server'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'LAN_PVH'
	option interface 'LAN_PVH'
	option start '2'
	option limit '254'
	option leasetime '12h'
	option preferred_lifetime '3h'