The Community Forums


DNS Worry

Discussion in 'Bind / DNS / Nameserver Issues' started by zodiac, Sep 11, 2006.

  1. zodiac

    zodiac Member

    I get this message when I query my name using dnsreport:

    ERROR: One or more of your nameservers reports that it is an open DNS server. This usually means that anyone in the world can query it for domains it is not authoritative for (it is possible that the DNS server advertises that it does recursive lookups when it does not, but that shouldn't happen). This can cause an excessive load on your DNS server. Also, it is strongly discouraged to have a DNS server be both authoritative for your domain and be recursive (even if it is not open), due to the potential for cache poisoning (with no recursion, there is no cache, and it is impossible to poison it). Also, the bad guys could use your DNS server as part of an attack, by forging their IP address. Problem record(s) are:
    Server xxx.xxx.xxx.xxx reports that it will do recursive lookups.


    The XXX is my IP address; I just removed it to be safe for the ticket.


    Is there a way I can secure my DNS better?
    Thank you.
     
  2. rhenderson

    rhenderson Well-Known Member

    I assume you got that error via dnsreport.com, and there is a link there that shows you how to edit named.conf to fix it. I would put it here, but I do not remember it exactly; I do remember it has something to do with recursion.
     
  3. hikaro

    hikaro Well-Known Member

  4. skyhorse

    skyhorse Active Member

    If you do a search for "open dns" in this forum, you'll find loads of threads about this...
    Have a quick look at Fixing open DNS servers as well; it might help...
    Always remember to back up your named.conf before any changes!

    sky
     
  5. Manuel_accu

    Manuel_accu Well-Known Member

    It is related to an open DNS server that responds to recursive queries for anyone, which may lead to a DDoS attack using the open DNS server.

    Fixing Open BIND DNS server: (source: dnsreport.com)

    * Open named.conf with a text editor
    * Use a line "recursion no;" in the "options" clause (or in the "view" clause)
    * If you need to enable recursion for your local network, you can use an "allow-recursion { ADD_LIST_OF_YOUR_IP_RANGES_HERE; }" line in the "options" section.

    If you are not sure about the above steps, check the URL mentioned below for an easy guide:

    http://forums.linuxwebadmin.info/index.php/topic,49.0.html

    Thanks,
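
The dnsreport finding quoted above ("reports that it will do recursive lookups") corresponds to the RA (recursion available) bit in the DNS reply header. The Python below is an added example, not part of the original thread and not dnsreport's own code, for confirming the named.conf change on your own nameserver. The function names are hypothetical and the two sample replies are constructed headers, not captured traffic.

```python
import socket
import struct

RD = 0x0100  # recursion desired (set by the client)
RA = 0x0080  # recursion available (set by the server)

def build_query(name, qid=0x1234, qtype=1):
    """Build a DNS query (A record by default) with the RD bit set."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_flags(response):
    """Return the header fields an open-resolver check cares about."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if not flags & 0x8000:
        raise ValueError("not a DNS response (QR bit clear)")
    return {"id": qid, "ra": bool(flags & RA), "rcode": flags & 0x000F,
            "answers": ancount}

def classify(response):
    """Map a reply to a query for a zone the server does not host."""
    f = parse_flags(response)
    if f["ra"] and f["rcode"] == 0 and f["answers"] > 0:
        return "open: resolved a name it is not authoritative for"
    if f["ra"]:
        return "advertises recursion (RA set) but returned no answer"
    return "closed: recursion not offered to this client"

def check_server(server_ip, foreign_name, timeout=3.0):
    """Query your own server from an outside address and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(foreign_name), (server_ip, 53))
        data, _ = s.recvfrom(4096)
    return classify(data)

# Constructed sample headers: id, flags, qdcount, ancount, nscount, arcount.
OPEN_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)     # QR+RD+RA
REFUSED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)  # REFUSED

if __name__ == "__main__":
    print(classify(OPEN_REPLY))
    print(classify(REFUSED_REPLY))
```

After adding "recursion no;" (or a restricted "allow-recursion") and reloading named, run check_server against your own nameserver from a host outside the allowed ranges; the result should start with "closed".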
     