cPanel DNS Clustering -> Allowing axfr by default

Discussion in 'Bind / DNS / Nameserver Issues' started by optize, Apr 9, 2009.

  1. optize

    Sadly, I found out the hard way...

    cPanel DNS clusters allow axfr requests to all domains by default. Therefore every person on the internet can get a full list of records for my domain, even if I don't want them to.

    How do I fix this ASAP?

    I tried this on several other cPanel servers, they all do the same thing.
     
  2. acenetryan

    You can specify who can request zone modifications using the:

    Code:
    allow-transfer {};
    
    directive within your options section in /etc/named.conf. If you wanted to disable it for all hosts, you can add:

    Code:
    options {
        // ... existing options ...
        allow-transfer { none; };
    };
    
    cPanel's cluster system uses proprietary scripts to perform DNS syncs with master servers, so I don't believe you'll encounter any particular problems with disabling AXFR.
     
    #2 acenetryan, Apr 9, 2009
    Last edited: Apr 9, 2009
  3. acenetryan
  4. optize

    I know how to change it in bind.conf, however I'm concerned it will just get re-written when cPanel re-loads the zones.
     
  5. optize

    Sounds good, we'll change it and pray for the best.

    cPanel -- possible to add this as default?
     
  6. acenetryan

    We've had AXFR transfer requests disabled for some time in /etc/named.conf on our cluster and cPanel has yet to overwrite it. Unless you explicitly perform a rebuild of your named.conf, I don't believe cPanel will remove this option. If you have to rebuild your named.conf, just remember to add back in your options.
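
A check for the case raised in the last reply, where a rebuilt /etc/named.conf no longer carries the option. This is an added example, not part of the thread and not cPanel's own tooling; the function name `check_allow_transfer` and its exit codes are assumptions of the example, and only `//` and `#` comments are stripped.

```bash
#!/usr/bin/env bash
# Added example: report the allow-transfer setting found in the global
# options { } block of a BIND named.conf. Settings inside zone or view
# blocks are deliberately ignored; only the server-wide value is checked.
# Exit codes (assumed convention): 0 = none or a host list, 1 = unset or "any",
# 2 = file unreadable.

check_allow_transfer() {
    cat_conf=$1
    [ -r "$cat_conf" ] || { echo "cannot read $cat_conf" >&2; return 2; }
    cat_acl=$(
        # Drop // and # comments, put braces and semicolons on their own
        # tokens, then emit one token per line for the state machine below.
        sed -e 's://.*$::' -e 's:#.*$::' -e 's/[{};]/ & /g' "$cat_conf" |
        tr -s ' \t\n' '\n' |
        awk '
            $0 == ""   { next }
            $0 == "{"  { depth++
                         if (pending && depth == 1) in_opts = 1
                         pending = 0; next }
            $0 == "}"  { depth--
                         if (grab && depth == 1) { grab = 0; found = 1 }
                         if (depth == 0) in_opts = 0
                         next }
            # A top-level "options" keyword arms the next opening brace.
            depth == 0 { pending = ($0 == "options"); next }
            in_opts && depth == 1 && $0 == "allow-transfer" {
                         grab = 1; acl = ""; next }
            # Collect the address-match-list elements between the braces.
            grab && depth == 2 && $0 != ";" {
                         acl = acl (acl == "" ? "" : " ") $0 }
            END { print (found ? acl : "UNSET") }
        '
    )
    case " $cat_acl " in
        " none ")
            echo "ok: allow-transfer { none; } is set in options"; return 0 ;;
        " UNSET "|*" any "*)
            echo "open: options has no restrictive allow-transfer ($cat_acl)"
            return 1 ;;
        *)
            echo "listed: allow-transfer limited to: $cat_acl"; return 0 ;;
    esac
}

# Usage: check_allow_transfer /etc/named.conf
```

Running it after any named.conf rebuild shows whether the hand-added option survived.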
     