says, may help to know what make / model of equipment you're talking about.
Also a screenshot of said setting would help.
said by justsoso:
I have read that it is what relays the dns info to the connected devices. The thing I don't understand is, it opens port 53 up to the internet. This port is being used as a point of DNS Amplification attack. I need to close this port but still be able to allow the modem/router to hand out dns info to the connected devices. When disabling dns proxy, I can see that the modem still knows what the dns servers are even after a reboot so why can it not pass that info on without dns proxy enabled?
Okay, there is so much misunderstanding in that paragraph... let's see if we can help you out.
At a base level, a proxy is a (trusted) middleman / 3rd party for a transaction.
A proxy cannot "open" a port directly, the devices in the path must have some way of determining whether
traffic is permitted or not (typically referred to as a firewall). Secondly the other key concept is WHICH
direction is the traffic flowing?
Yes, there are DNS amplification attacks, but you're going/thinking about this the wrong way.... or are
confused as to your end goal. If you're concerned about stopping your internal hosts from being part
of a botnet to launch a DNS amp attack, the LAST thing you want to be messing with is the DNS proxy
setting(s). Rather, I'd get software or hardware to monitor and chart what traffic you've got running
around your network. If you've got an internal DNS server, then again, you're using the wrong tool
to prevent yourself from falling victim to a DNS amp attack. The general traffic flow of said attack looks like this.
So which scenario of the two above I outlined are you trying to
Also, if this is for a home connection, or using ISP-supplied elcheapo gear, it's not going to do much
in stopping this sort of thing, inbound or outbound. I'd start with getting a better understanding of
networking basics and higher-end gear that CAN be configured to check / deny traffic both IN and OUTbound.