cPanel DNS Clustering -> Allowing axfr by default

**optize** · 04-09-2009 02:09 PM

Sadly, I found out the hard way...

cPanel DNS clusters allow axfr requests to all domains by default. Therefore every person on the internet can get a full list of records for my domain, even if I don't want them to.

How do I fix this ASAP?

I tried this on several other cPanel servers, they all do the same thing.

**rking** · 04-09-2009 06:16 PM

You can specify who can request zone modifications using the:

Code:

allow-transfer {};

directive within your options section in /etc/named.conf. If you wanted to disable it for all hosts, you can add:

Code:

options {
   ....
   allow-transfer {none;};
};

cPanel's cluster system uses proprietary scripts to perform DNS syncs with master servers, so I don't believe you'll encounter any particular problems with disabling AXFR.

**rking** · 04-09-2009 06:24 PM

That may actually only disable the transfer requests. There is a ton of info on BIND directives here:

http://www.zytrax.com/books/dns/ch7/xfer.html

**optize** · 04-10-2009 09:16 AM

I know how to change it in bind.conf, however I'm concerned it will just get re-written when cPanel re-loads the zones.

**optize** · 04-10-2009 09:24 AM

Sounds good, we'll change it and pray for the best.

cPanel -- possible to add this as default?

**rking** · 04-10-2009 09:26 AM

We've had AXFR transfer requests disabled for some time in /etc/named.conf on our cluster and cPanel has yet to overwrite it. Unless you explicitly perform a rebuild of your named.conf, I don't believe cPanel will remove this option. If you have to rebuild your named.conf, just remember to add back in your options.

LinkBack

Thread Tools

cPanel DNS Clustering -> Allowing axfr by default

AXFR problem with secondary DNS server zone transfer

DNS Clustering Plesk Windows & CPANEL DNS ONLY

cPanel DNS Clustering.

cPanel 11.24 dns clustering

cPanel 11 and DNS Clustering