@gusto said in Open DNS on the WAN interface:
Could someone from outside abuse my dns resolver?
You've said yourself:
@gusto said in Open DNS on the WAN interface:
I performed a port test and found that port 53 is open to the Internet
This :
[screenshot attached to the original post]
means traffic from 'WAN' (the entire internet) was reaching your WAN IP, port 53 TCP and UDP, and passed. This means the traffic reached the process that was (could be) bound to port 53 for UDP and TCP: that's (normally) unbound or some other DNS handling server process.
Note: this would be fine if the interface was a LAN type interface.
One of the last barriers still in place (are they?) is the aforementioned unbound ACL rules.
These are the last barrier that will prohibit unbound from taking into account DNS requests from the WAN port.
Like an open relay mail server, you shouldn't 'open relay' your DNS facilities either. It's not bad per se, but what happens if I, and many others, start sending DNS requests to your WAN IP? I'll be able to DoS your internet connection very rapidly.
So, again, normally, "if you don't know what a firewall is": don't put any pass rules on the WAN interface, and you'll be fine.
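As an added example (not part of the original thread or of pfSense/unbound), here is a small probe that does what the post describes in code: it sends a recursive DNS query to a WAN IP and reports whether the resolver served an answer (open resolver), answered REFUSED (the unbound ACL did its job), or did not respond at all (the firewall dropped the packet). The target IP on the command line is an assumption; the sample responses used in the offline check are constructed here, not captured from any real host.

```python
import socket
import struct
import sys
from typing import Optional

# Minimal DNS wire-format helpers (RFC 1035 header and question section).

def build_query(name: str, txid: int = 0x1234, rd: bool = True) -> bytes:
    """Build a single A/IN query; RD=1 asks the server to recurse for us."""
    flags = 0x0100 if rd else 0x0000
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_response(data: bytes) -> dict:
    """Pull the header fields we need: QR, RA, RCODE and the answer count."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    return {
        "txid": txid,
        "qr": bool(flags & 0x8000),
        "ra": bool(flags & 0x0080),
        "rcode": flags & 0x000F,
        "qdcount": qd,
        "ancount": an,
    }


def classify(resp: dict) -> str:
    """Turn a parsed response into the verdict the thread is about."""
    if resp["rcode"] == 5:
        return "REFUSED: resolver listening, but its ACL rejected the outside query"
    if resp["rcode"] == 0 and resp["ra"] and resp["ancount"] > 0:
        return "OPEN RESOLVER: recursive answer served to an outside client"
    if resp["ra"]:
        return "recursion available but no answer (rcode %d)" % resp["rcode"]
    return "answered without recursion (rcode %d)" % resp["rcode"]


def probe(ip: str, name: str = "example.com", timeout: float = 3.0) -> str:
    """Send one query over UDP/53 and classify what comes back (needs network)."""
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (ip, 53))
        try:
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return "no response: packet dropped by the firewall or nothing listening"
    resp = parse_response(data)
    if resp["txid"] != struct.unpack("!H", q[:2])[0]:
        return "mismatched transaction id, ignoring"
    return classify(resp)


def make_sample_response(query: bytes, rcode: int, ra: bool,
                         answer_ip: Optional[str]) -> bytes:
    """Constructed response to `query` for offline testing (not real traffic)."""
    txid, _, qd, _, _, _ = struct.unpack("!HHHHHH", query[:12])
    flags = 0x8000 | 0x0100 | (0x0080 if ra else 0) | (rcode & 0xF)
    ancount = 1 if answer_ip else 0
    header = struct.pack("!HHHHHH", txid, flags, qd, ancount, 0, 0)
    body = query[12:]  # echo the question section
    if answer_ip:
        # name pointer to offset 12, type A, class IN, TTL 60, rdlength 4, address
        body += struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + socket.inet_aton(answer_ip)
    return header + body


if __name__ == "__main__":
    if len(sys.argv) != 2:
        print("usage: python probe.py <WAN IP>")  # hypothetical script name
        sys.exit(1)
    print(probe(sys.argv[1]))
```

Run it from a host outside your network (a VPS, a phone on mobile data). "REFUSED" means the unbound access-control list is still the barrier the post mentions; "OPEN RESOLVER" means anyone can use your connection for their lookups and for amplification traffic; "no response" is what you want to see once the WAN pass rule is gone.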