zodiac

Member
Sep 10, 2006
I get this message when I query my name using dnsreport:

ERROR: One or more of your nameservers reports that it is an open DNS server. This usually means that anyone in the world can query it for domains it is not authoritative for (it is possible that the DNS server advertises that it does recursive lookups when it does not, but that shouldn't happen). This can cause an excessive load on your DNS server. Also, it is strongly discouraged to have a DNS server be both authoritative for your domain and be recursive (even if it is not open), due to the potential for cache poisoning (with no recursion, there is no cache, and it is impossible to poison it). Also, the bad guys could use your DNS server as part of an attack, by forging their IP address. Problem record(s) are:
Server xxx.xxx.xxx.xxx reports that it will do recursive lookups.


The XXX is my IP address, just removed it to be safe for the ticket.


Is there a way I can secure my DNS better?
Thank you
 

rhenderson

Well-Known Member
Apr 21, 2005
Oklahoma
cPanel Access Level
Root Administrator
I assume you got that error via dnsreport.com, and there is a link there that shows you how to edit named.conf to fix it. I would put it here, but I do not remember it exactly; I do remember it has something to do with recursion.
 

skyhorse

Active Member
Aug 18, 2004
If you do a search for "open dns" in this forum, you'll find loads of threads about this...
Have a quick look at Fixing open DNS servers as well, it might help...
Always remember to back up your named.conf before any changes!

sky
 

Manuel_accu

Well-Known Member
Jun 19, 2005
It is related to an open DNS server, one that responds to recursive queries for anyone, which may lead to a DDoS attack using the open DNS server.

Fixing Open BIND DNS server: (source: dnsreport.com)

* Open named.conf with a text editor
* Use a line "recursion no;" in the "options" clause (or in the "view" clause)
* If you need to enable recursion for your local network, you can use an "allow-recursion { ADD_LIST_OF_YOUR_IP_RANGES_HERE; }" line in the "options" section.

If you are not sure about the above steps, check the URL below for an easy guide:

http://forums.linuxwebadmin.info/index.php/topic,49.0.html

Thanks,
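
To confirm that the named.conf change above took effect, the following is an added example (not code from this thread or from dnsreport): it sends one query with the recursion-desired bit set and reads the recursion-available (RA) bit in the reply, the flag a server uses to advertise that it will do recursive lookups. The function names and the test name example.com are assumptions; run it against your own nameserver, from a host outside your allow-recursion ranges, with a name the server is not authoritative for.

```python
import socket
import struct
import sys

QR, RD, RA = 0x8000, 0x0100, 0x0080  # DNS header flag bits (RFC 1035)

def build_query(name, qid=0x1234):
    """Build an A/IN query for `name` with Recursion Desired set."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def recursion_status(packet, qid=0x1234):
    """Classify a reply: 'open', 'advertised', 'closed' or 'invalid'."""
    if len(packet) < 12:
        return "invalid"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if rid != qid or not flags & QR:
        return "invalid"          # wrong ID or not a response
    if not flags & RA:
        return "closed"           # server does not offer recursion to us
    rcode = flags & 0x000F
    # RA set and a real answer came back: recursion was performed for us.
    return "open" if rcode == 0 and ancount > 0 else "advertised"

def probe(server, name="example.com", timeout=3.0):
    """Send one UDP query to `server` (your own nameserver) and classify it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        try:
            reply, _ = s.recvfrom(512)
        except socket.timeout:
            return "no-reply"
    return recursion_status(reply)

if __name__ == "__main__" and len(sys.argv) > 1:
    print(sys.argv[1], probe(sys.argv[1]))
```

After setting "recursion no;" and reloading named, the result for an outside client should be "closed".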