Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

cPanel DNS Clustering -> Allowing axfr by default

Discussion in 'Bind/DNS/Nameserver' started by optize, Apr 9, 2009.

  1. optize

    optize Well-Known Member

    Joined:
    Apr 27, 2005
    Messages:
    145
    Likes Received:
    0
    Trophy Points:
    166
    Sadly, I found out the hard way...

    cPanel DNS clusters allow axfr requests to all domains by default. Therefore every person on the internet can get a full list of records for my domain, even if I don't want them to.

    How do I fix this ASAP?

    I tried this on several other cPanel servers, they all do the same thing.
     
  2. acenetryan

    acenetryan Well-Known Member
    PartnerNOC

    Joined:
    Aug 21, 2005
    Messages:
    197
    Likes Received:
    1
    Trophy Points:
    168
    You can specify who can request zone modifications using the:

    Code:
    allow-transfer {};
    
    directive within your options section in /etc/named.conf. If you wanted to disable it for all hosts, you can add:

    Code:
    options {
       ....
       allow-transfer {none;};
    };
    
    cPanel's cluster system uses proprietary scripts to perform DNS syncs with master servers, so I don't believe you'll encounter any particular problems with disabling AXFR.
     
    #2 acenetryan, Apr 9, 2009
    Last edited: Apr 9, 2009
  3. acenetryan

    acenetryan Well-Known Member
    PartnerNOC

    Joined:
    Aug 21, 2005
    Messages:
    197
    Likes Received:
    1
    Trophy Points:
    168
  4. optize

    optize Well-Known Member

    Joined:
    Apr 27, 2005
    Messages:
    145
    Likes Received:
    0
    Trophy Points:
    166
    I know how to change it in bind.conf, however I'm concerned it will just get re-written when cPanel re-loads the zones.
     
  5. optize

    optize Well-Known Member

    Joined:
    Apr 27, 2005
    Messages:
    145
    Likes Received:
    0
    Trophy Points:
    166
    Sounds good, we'll change it and pray for the best.

    cPanel -- possible to add this as default?
     
  6. acenetryan

    acenetryan Well-Known Member
    PartnerNOC

    Joined:
    Aug 21, 2005
    Messages:
    197
    Likes Received:
    1
    Trophy Points:
    168
    We've had AXFR transfer requests disabled for some time in /etc/named.conf on our cluster and cPanel has yet to overwrite it. Unless you explicitly perform a rebuild of your named.conf, I don't believe cPanel will remove this option. If you have to rebuild your named.conf, just remember to add back in your options.
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice