The Community Forums


How to stop services like whois.sc from data mining your DNS servers?

Discussion in 'Bind / DNS / Nameserver Issues' started by jasmin, Nov 9, 2005.

  1. jasmin

    jasmin Member

    Joined:
    Oct 18, 2004
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Hi there.

    I'm wondering how to stop services like whois.sc (and presumably much worse scripts from the hacker kiddies) from pulling all kinds of info from our DNS servers?

    It won't do it with all websites, but it seems to get a lot of info from cPanel boxes, and even Google. Take a look:

    http://www.whois.sc/google.com

    For Google, it lists over 103 other websites on that server.

    With many hosting boxes, you can get a list of hundreds. It's a nightmare to think of what kind of exploits that opens you up to.

    Any info appreciated. Thank you
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Try searching the forum for whois.sc where it's been discussed at length previously.
     
  3. jasmin

    jasmin Member

    Joined:
    Oct 18, 2004
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Thanks, Jonathan. I actually did a thorough search before I posted this. Searches for things like whois.sc weren't working at the time, but thankfully they are now!

    Here's your post that addresses this:
    http://forums.cpanel.net/showpost.php?p=217540&postcount=27

    Looks good.

    I assume I amend /etc/named.conf.

    Do you know what commands I'd use to tell which nameservers my server uses that are trusted? Or would I have to ask my server farm for that info?
     
    #3 jasmin, Nov 13, 2005
    Last edited: Nov 13, 2005
  4. rs-freddo

    rs-freddo Well-Known Member

    Joined:
    May 13, 2003
    Messages:
    832
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    I think the trusted IPs will be just the two IPs of your ns1 and ns2 plus 127.0.0.1.
     
  5. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Yes, that's it. The idea is to allow only nameservers that want to perform zone transfers. If you're using external nameservers, then you actually only need the IP address of your own server as listed in /etc/resolv.conf in that list. If you're using DNS clustering then you don't really need the other DNS cluster member IPs since cPanel doesn't use traditional master/slave AXFR zone transfers (it syncs the zones through WHM links).

    To summarise, you probably just want the main IP address of the server plus 127.0.0.1 in the trusted ACL. And have your main IP address as the first resolver in /etc/resolv.conf.
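
A sketch of the trusted ACL summarised in the last post, as it might look in /etc/named.conf. This is an added example, not text from the thread or from cPanel: 192.0.2.10 is a placeholder for the server's main IP, and the example.com zone and its file path are constructed for illustration.

```conf
// /etc/named.conf (fragment)

// Hosts allowed to request full zone transfers (AXFR).
// Per the thread: the server's main IP plus loopback.
acl "trusted" {
    192.0.2.10;     // placeholder: main IP address of this server
    127.0.0.1;      // loopback
};

options {
    directory "/var/named";

    // Weak setting, shown for contrast: any host can pull every
    // record of every zone this server is authoritative for.
    //   allow-transfer { any; };

    // Hardened setting: only members of the "trusted" ACL may transfer.
    allow-transfer { trusted; };
};

// Constructed sample zone. A zone-level allow-transfer overrides the
// one in options, so a leftover per-zone "any" would reopen this zone
// even with the global restriction in place.
zone "example.com" {
    type master;
    file "/var/named/example.com.db";
    // No allow-transfer here: the zone inherits { trusted; } from options.
};
```

Check the syntax with `named-checkconf /etc/named.conf` before reloading named. To confirm the restriction on your own server, run `dig @192.0.2.10 example.com AXFR` from a host outside the ACL; it should end with "Transfer failed." instead of listing the zone.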
     