
dns clustering security flaw

Discussion in 'Bind / DNS / Nameserver Issues' started by optize, Apr 2, 2009.

  1. optize

    optize Well-Known Member

    We recently enabled DNS clustering on all of our shared boxes, only to find out that you can edit any domain on any shared box, regardless of where it's located.

    Therefore, if ANYONE gets into any of our shared boxes, they could delete every single domain across my network.

    Why is this? Shouldn't syncing be one way?
     
  2. randomuser2

    randomuser2 Member

    If you think you've found a security issue in cPanel, the best thing is to email security@cpanel.net

    For general feature requests or enhancements, the best route is http://bugzilla.cpanel.net

    Do keep us posted on the outcome please.

    Thanks.
     
  3. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    You can set up syncing to be one way if you desire. That's all up to how you configure the DNS cluster.

    Keep in mind, if you are root user on a server that is receiving DNS records from other servers, you can edit those other DNS records. DNS clustering is designed for owners that have multiple servers and wish to cluster their DNS.

    Reseller users and lower can only change the DNS records they own. They cannot change the DNS records from other servers.
     
  4. optize

    optize Well-Known Member

    Not exactly sure what you mean.

    I have my shared servers set for 'Sync' in clustering, they sync with ns1/ns2. NS1 and NS2 clustering is set for Standalone.

    So the question is why would changes from, let's say, cp05 get synced to ns1, and then ns1 would re-sync to cp06?

    I'm not worried about resellers, I'm worried about someone logging in as 'root'.

    Synchronize Changes: All changes made on this server will be replicated to any server linked to this server in the cluster. Synchronization is one-way: Changes made on the other server will not be replicated to this server unless Synchronize Changes is selected on that server as well.

    Standalone: All changes made on this server will not replicated to any other server(s).
     
  5. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Okay, let me understand this scenario correctly: NS1 set to synchronize to cp05 and cp06, cp05 is NOT set to synchronize yet root on cp05 is able to change a zone and have it propagate to cp06 despite the server being set to not synchronize?
     
  6. neutro

    neutro Well-Known Member

    Same here. Why, when I click on Edit DNS, are all the domains from ns1 and ns2 loaded (no db in /var/named and no entry in named.conf)?
    If anybody logged in to one of the clustered servers, they can simply modify records in ns1 and ns2. Can cPanel load domains from that server only? Based on named.conf in that particular server, not from ns1 or ns2.
     
  7. optize

    optize Well-Known Member

    This is how it's set up:

    cp05 (shared server) is set up to do clustering with ns1/ns2. On the cp05 side, it's set for 'Sync'.

    cp06 (shared server) is set up to do clustering with ns1/ns2. On the cp06 side, it's set for 'Sync'.

    On ns1/ns2, it's set for standalone between ns1/ns2, between ns1 & ns2/cp05, and between ns1 & ns2/cp06.

    So, on cp06, I can see all the domains that are on cp05 and I can delete all of them. I see this as being a huge security flaw. If anyone gets into any of my shared servers via 'root', they could take down my entire cluster.

    :eek:
     
  8. optize

    optize Well-Known Member

    Any update?
     
  9. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Something doesn't sound right. Synchronization is always one-way so cp05 should be going to ns1 and ns2 but ns1 and ns2 should NOT be sending that data to cp06 at all (as both are set as standalone to cp06, cp05 and each other) - meaning there shouldn't even be anything from cp05 on cp06 that can be viewed much less edited at all.

    Based on your description, there seems to be a malfunction somewhere. I recommend having our technical analysts look at this for you so they can determine what is causing this issue. You can reach our technical analysts at: http://tickets.cPanel.net/submit
     
  10. optize

    optize Well-Known Member

    So cPanel says it's supposed to work that way; even though it's a huge security flaw, they won't address it.

    Please voice your concern to them.

    --

    Sorry for the confusion, this is not a security flaw but is intended behaviour.

    When you setup a DNS cluster with another server this is setup as a "Root Trust Relationship" between the servers and each server in the cluster will access to all DNS Zones in the cluster.

    This is the nature of a "Trust Relationship" between the servers.

    Kevin Asklund
    Technical Analyst 3
    cPanel Advanced Support
     
  11. hbouma

    hbouma Well-Known Member

    "When you setup a DNS cluster with another server this is setup as a "Root Trust Relationship" between the servers and each server in the cluster will access to all DNS Zones in the cluster.

    This is the nature of a "Trust Relationship" between the servers."

    cPanel should clarify that root trust relationships in a cluster are transitive in their documentation then. As pointed out in the example, srv05 and srv06 do not have an explicit trust relationship established between them yet they inherit it because they both trust the ns1 and ns2 name servers. This is what allows them to edit the other server's zones.

    Hal
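
The transitive trust described in the post above can be modelled as a graph to audit how far a root compromise of one cluster member reaches. This is an added example, not part of any post and not cPanel code: the link list mirrors the cp05/cp06/ns1/ns2 layout described in the thread, the zone names are constructed placeholders, and all function names are hypothetical.

```python
from collections import defaultdict

# Constructed topology from the thread: (local server, peer, role set on the local side)
LINKS = [
    ("cp05", "ns1", "sync"), ("cp05", "ns2", "sync"),
    ("cp06", "ns1", "sync"), ("cp06", "ns2", "sync"),
    ("ns1", "ns2", "standalone"), ("ns1", "cp05", "standalone"),
    ("ns1", "cp06", "standalone"), ("ns2", "ns1", "standalone"),
    ("ns2", "cp05", "standalone"), ("ns2", "cp06", "standalone"),
]
# Constructed zone ownership (placeholder domains, not from the thread)
ZONES = {"cp05": {"a.example", "b.example"}, "cp06": {"c.example"}}


def documented_reach(links, server):
    """Servers that receive this server's changes if roles were enforced (one hop, sync only)."""
    return {peer for local, peer, role in links if local == server and role == "sync"}


def trust_domain(links, server):
    """Servers sharing a trust domain when every link is a transitive root trust (role ignored)."""
    adj = defaultdict(set)
    for local, peer, _role in links:
        adj[local].add(peer)
        adj[peer].add(local)
    seen, stack = {server}, [server]
    while stack:
        for nxt in adj[stack.pop()] - seen:
            seen.add(nxt)
            stack.append(nxt)
    return seen


def editable_zones(links, zones, server):
    """Zones that root on `server` can edit or delete under the transitive-trust model."""
    out = set()
    for member in trust_domain(links, server):
        out |= zones.get(member, set())
    return out


def foreign_exposure(links, zones):
    """Per server: zones homed elsewhere that a root compromise of that server would expose."""
    servers = sorted({l[0] for l in links} | {l[1] for l in links})
    return {s: sorted(editable_zones(links, zones, s) - zones.get(s, set())) for s in servers}


if __name__ == "__main__":
    print("documented cp06 ->", sorted(documented_reach(LINKS, "cp06")))
    for server, exposed in foreign_exposure(LINKS, ZONES).items():
        print(f"root on {server} can edit foreign zones: {exposed}")
```

Splitting the link list so that servers with different owners share no nameserver puts them in separate trust domains, and the exposure lists shrink accordingly.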
     
  12. JordiCS

    JordiCS Well-Known Member

    Hello,

    First of all, sorry if there has been any answer to this problem, which I am experiencing too. I have though browsed the whole forum and cPanel Bugzilla and have not found the solution.

    I have two clustered vps. vps1 with dns role set to "Synchronize changes" to vps2, and vps2 as "Standalone". When I add, modify or change a zone on vps1, this is replicated to vps2. But when I do the same on standalone vps2, changes are also replicated to vps1 when they didn't have to.

    Moreover, exactly the same is happening when I disable clustering on vps2 and remove vps1 IP from "Servers in your DNS cluster": changes on vps2 are still being propagated to vps1 - not always, but most times.

    I don't know whether it can be related to the fact that "DNS Functions >> Synchronize DNS Records" is always showing the option "Synchronize all zones to all servers" checked by default, even after I have been performing a synchronization by any other method.

    Best regards,
     
    #12 JordiCS, Jul 19, 2009
    Last edited: Jul 19, 2009
  13. optize

    optize Well-Known Member

    There hasn't been a fix, it's still a security issue.
     
  14. SoftDux

    SoftDux Well-Known Member

    Just to clarify,

    You set up a DNS cluster between a few hosts, and expect it to manage the DNS on all of those hosts (if you don't know it yet, that's exactly what a cluster does, it manages everything on the hosts involved), and want it to add DNS records to all the servers that you have set up.

    BUT, when you suddenly log in to 1 machine, and see DNS records from another, you say it's a security flaw?????? I think you may need to re-think this a bit. A cluster does exactly what you are seeing right now.

    If you set up a DNS cluster between NS1 & NS2, and put them both into sync, then ALL the records from both servers WILL BE available on EITHER. That's how it works, that's what it's supposed to do. If you can't understand this concept, then rather disable it.
     
  15. JordiCS

    JordiCS Well-Known Member

    I myself do understand perfectly clustering concept. But:

    As stated in a lot of places - cPanel instructions related to clustering, several threads on these forums, and on WHM itself - there are two different ways for clustering:

    - two-way clustering: all changes done on one server are being propagated to all clustered servers (option "synchronize changes" set on all servers).
    - one-way clustering: changes made on server1 are propagated to server2 and the rest, but changes made on a certain server2 are NOT propagated to server1 and the rest IF you set server2 as "standalone".

    See the "Notes" on WHM "Cluster management" page about this. My English is not at all excellent, but I think I am understanding them quite well:

    "Synchronize Changes: All changes made on this server will be replicated to any server linked to this server in the cluster. Synchronization is one-way: Changes made on the other server will not be replicated to this server unless Synchronize Changes is selected on that server as well.

    "Standalone: All changes made on this server will not replicated to any other server(s)."

    Well, this is what some people (me included) are finding: Clustering is always being TWO WAY, without real option of making it ONE WAY. When I set server2 as standalone, changes made on this server are also propagating to server1, and this was not expected to happen. Even if I unlink server1 on server2 clustering configurations, changes made on server2 are propagating to server 1, and this was not expected to happen.

    Regards,
     
    #15 JordiCS, Jul 22, 2009
    Last edited: Jul 22, 2009
  16. optize

    optize Well-Known Member

    I've spent too many hours going back and forth with cPanel about this. This is their response:

    "It's not really clustering, as it doesn't copy the actual zone files to each server, however each cPanel server in a cluster can edit/delete the other zone files"

    Huge freaking security loophole here.

    :eek:
     
  17. EWD

    EWD Well-Known Member
    PartnerNOC

    Been complaining about this for ages. I never understood why they do not "see" this as a security flaw.
     
  18. optize

    optize Well-Known Member

    They have created a bug request to fix this. Hopefully it will be done soon and not in 2 years :)

    If you want it fixed as well, please let them know by replying in this thread, it's attached to the bug request.
     
  19. JamesSmith

    JamesSmith Well-Known Member

    I add my support to this.

    There should be a feature at least allowing a server to be excluded from listing and modifying the zones (the cluster side, to prevent it being turned off). A good example of this is allowing a dedicated server client to use our name servers. I obviously don't want them to modify and delete all other zones on other servers also using the name servers.

    It's not so much of a problem if the server is fully managed, as the client wouldn't have access as root.
     
    #19 JamesSmith, Oct 12, 2009
    Last edited: Oct 12, 2009
  20. DomineauX

    DomineauX Well-Known Member
    PartnerNOC

    It is my understanding that a revamp of the DNS clustering is planned to address these issues.
    From what I heard, they will be building in granular security so that, for example, a dedicated server could use the cluster and not have access to any zones that are not from his server, and resellers only have access to zones under them.

    This is something that is a big concern for me as well and so I brought it up at cPanelConf.
     