Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Page 1 of 2 12 LastLast
Results 1 to 15 of 16

Thread: Problem di DNS

  1. #1
    Status
    Offline
    rgunawans's Avatar
    Baru Gabung
    Join Date
    Feb 2012
    Posts
    9
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    Problem di DNS

    Dear all,

    mau nanya ya.. RB450 saya akhir2 ini sering muncul DNS yang ip-nya 0.0.0.0, kira2 kenapa ya? kena virus ya?



    Uploaded with

  2. #2
    Status
    Offline
    c0nf's Avatar
    Contributor
    Join Date
    Jul 2007
    Location
    Bandung, Indonesia
    Posts
    1,816
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    ciri2 kena sality tu gan. silahkan pantengin torch, filter port 53. nanti keliatan, client yang ngebuka beberapa port ke arah port dns untuk jangka waktu yang tidak normal. gut luck gan.
    Invisible...

  3. The Following User Says Thank You to c0nf For This Useful Post:

    ffh

  4. #3
    Status
    Offline
    rgunawans's Avatar
    Baru Gabung
    Join Date
    Feb 2012
    Posts
    9
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    thanks Gan... sudah ketemu biang kerok-nya.. skr DNS ane kagak muncul 0.0.0.0 lagi...Click here to enlarge

  5. #4
    Status
    Offline
    dhopack's Avatar
    Forum Guru
    Join Date
    Dec 2010
    Location
    KUDUS
    Posts
    1,919
    Reviews
    Read 0 Reviews
    Downloads
    2
    Uploads
    0
    Feedback Score
    0
    solvednya gmn om?dishare donk siapa tahu besok2 saya atau teman2 yang lain punya mslh yg sama,

  6. #5
    Status
    Offline
    rgunawans's Avatar
    Baru Gabung
    Join Date
    Feb 2012
    Posts
    9
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    step-stepnya:
    1. ane pelototin torch ip yang akses ke port 53, sort berdasarkan TX rate
    2. ketemu khan yang paling tinggi speednya..
    3. ane buat Address List baru, misalkan BadDNSRequest, masukkin semuanya ke sini
    4. Ane buat filter rule, chain-nya INPUT, protocol: UDP, dst port: 53, src address list: BadDNSClient, acion: DROP
    5. selesai...

  7. #6
    Status
    Offline
    whiely's Avatar
    Member Senior
    Join Date
    Jun 2010
    Location
    :unidentified:
    Posts
    423
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by rgunawans Click here to enlarge
    step-stepnya:
    1. ane pelototin torch ip yang akses ke port 53, sort berdasarkan TX rate
    2. ketemu khan yang paling tinggi speednya..
    3. ane buat Address List baru, misalkan BadDNSRequest, masukkin semuanya ke sini
    4. Ane buat filter rule, chain-nya INPUT, protocol: UDP, dst port: 53, src address list: BadDNSClient, acion: DROP
    5. selesai...

    super sekali... Click here to enlarge

  8. #7
    Status
    Offline
    c0nf's Avatar
    Contributor
    Join Date
    Jul 2007
    Location
    Bandung, Indonesia
    Posts
    1,816
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    script nya kurang praktis gan, karena kita harus mengisi manual address list baddns. saya copy dari lupa postingan siapa, kurang lebih isinya ini

    Code:
    add action=drop chain=forward comment="" disabled=no dst-address-list=!dns \
        dst-port=53 in-interface=ether4-LAN protocol=udp
    add action=drop chain=forward comment="" disabled=no dst-address-list=!dns \
        dst-port=53 in-interface=ether4-LAN protocol=tcp
    address list dns kita isi dengan dns yang kita gunakan, misalkan dns nya google, nawala dll. Click here to enlarge
    Invisible...

  9. #8
    Status
    Offline
    wf.Corner.net's Avatar
    Member
    Join Date
    Nov 2010
    Location
    Di hAtImU
    Posts
    100
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    kalau begini maksudnya apa suhu?

    chain=dstnat action=redirect to-ports=53 protocol=tcp dst-port=53


    chain=dstnat action=redirect to-ports=53 protocol=udp dst-port=53

  10. #9
    Status
    Offline
    dhopack's Avatar
    Forum Guru
    Join Date
    Dec 2010
    Location
    KUDUS
    Posts
    1,919
    Reviews
    Read 0 Reviews
    Downloads
    2
    Uploads
    0
    Feedback Score
    0
    @^

    kalau tidak salah rule tersebut akan memaksa client untuk memakai DNS yg telah diset di mikrotik, jadi meskipun client gonta ganti DNS tanpa sepengetahuan mereka DNS nya telah dibelokan memakai DNS mikrotik,
    CMIIW

  11. The Following User Says Thank You to dhopack For This Useful Post:


  12. #10
    Status
    Offline
    c0nf's Avatar
    Contributor
    Join Date
    Jul 2007
    Location
    Bandung, Indonesia
    Posts
    1,816
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by dhopack Click here to enlarge
    @^

    kalau tidak salah rule tersebut akan memaksa client untuk memakai DNS yg telah diset di mikrotik, jadi meskipun client gonta ganti DNS tanpa sepengetahuan mereka DNS nya telah dibelokan memakai DNS mikrotik,
    CMIIW
    Yups benul eh betul. Dan rule tsb kalau ketemu sality, berarti si virus akan flood ke mikrotik (menghasilkan 0.0.0.0 tadi) karena semua tujuan port 53 dibelokkan ke id dns mikrotik. Utk ukuran sktr 50 pc udah cukup bikin repot pc router. Ntah apa jadinya kalau ketemu rb750..
    Invisible...

  13. The Following User Says Thank You to c0nf For This Useful Post:


  14. #11
    Status
    Offline
    dhopack's Avatar
    Forum Guru
    Join Date
    Dec 2010
    Location
    KUDUS
    Posts
    1,919
    Reviews
    Read 0 Reviews
    Downloads
    2
    Uploads
    0
    Feedback Score
    0
    kalau rb750 kan tinggal pake script diatas(postnya om conf)hehehe, dan mnrt saya sih untuk meminimalisir cpu load rb750 seperti post yg dulu2, allow yg perlu2 saja dan selebihnya di drop drpd rule filter yang seabrek bisa bikin rb750 puyeng,
    dulu (pengalaman pribadi) rb750 untuk hotspot menggunakan userman dengan rule aktif filter:50, nat:29, mangle:440, dengan Qtree sistem HTB dengan total item di queue sebanyak 230 item, L7:3, HIT proxy hanya 10mbps, user yg OL bareng kurang dr 15 cpu load udah diatas 50% kadang2 malah smpe 100% beberapa menit akhirnya hang dan restart tuh rb750 Click here to enlarge (sebelum dipensiunkan emng sengaja ngetest)
    kok malah ngelantur ya hehehe sori OOT dikit Click here to enlarge

  15. #12
    Status
    Offline
    wf.Corner.net's Avatar
    Member
    Join Date
    Nov 2010
    Location
    Di hAtImU
    Posts
    100
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by c0nf Click here to enlarge
    script nya kurang praktis gan, karena kita harus mengisi manual address list baddns. saya copy dari lupa postingan siapa, kurang lebih isinya ini

    Code:
    add action=drop chain=forward comment="" disabled=no dst-address-list=!dns \
        dst-port=53 in-interface=ether4-LAN protocol=udp
    add action=drop chain=forward comment="" disabled=no dst-address-list=!dns \
        dst-port=53 in-interface=ether4-LAN protocol=tcp
    address list dns kita isi dengan dns yang kita gunakan, misalkan dns nya google, nawala dll. Click here to enlarge
    koq tetap aja lewat yah,.. dns 0.0.0.0 tetap ada

  16. #13
    Status
    Offline
    c0nf's Avatar
    Contributor
    Join Date
    Jul 2007
    Location
    Bandung, Indonesia
    Posts
    1,816
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    in interface nya sesuaikan dengan rb nya masing2. Sebetulnya script itu pada dasarnya cuman p3k sblm prngobatan yang sesuangguhnya, yaitu: basmi semua virus di semua pc hahhahahah
    @om dhopack: kmrn coba2 bikin queue tree utk 100user (iix dan intl), user aktif baru 4, bandwidth lewat 1mbps, blm ada proxy, udah megap2 rb nya hahhaha.lg nunggu diganti jadi pc router dulu jadinya Click here to enlarge
    Invisible...

  17. #14
    Status
    Offline
    dhopack's Avatar
    Forum Guru
    Join Date
    Dec 2010
    Location
    KUDUS
    Posts
    1,919
    Reviews
    Read 0 Reviews
    Downloads
    2
    Uploads
    0
    Feedback Score
    0
    ngeri ah smpe 100user (iix dan intl), kasihan si rb750(router termurah) dengan segala keterbatasannya sering dibuat tak berdaya oleh para adminnya Click here to enlarge (termasuk saya Click here to enlarge)

  18. #15
    Status
    Offline
    c0nf's Avatar
    Contributor
    Join Date
    Jul 2007
    Location
    Bandung, Indonesia
    Posts
    1,816
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    kita kan abuse ke rb wkwkkwkwwkkwkw
    Invisible...

 

 
Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 2 users browsing this thread. (0 members and 2 guests)

Similar Threads

  1. problem-1100
    By hendr4 in forum General Networking
    Replies: 8
    Last Post: 07-04-2011, 12:23
  2. [help] DIR-300 lan problem
    By joysolutions in forum Wireless Networking
    Replies: 7
    Last Post: 26-12-2009, 15:43
  3. (ASK) RB750G problem
    By andre_i in forum Beginner Basics
    Replies: 2
    Last Post: 11-12-2009, 10:41
  4. Problem install MT
    By aponter in forum Beginner Basics
    Replies: 11
    Last Post: 07-10-2008, 03:51
  5. RB532A problem
    By wedusterbang in forum General Networking
    Replies: 0
    Last Post: 25-07-2008, 12:37

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •