Hello,
Many of you might have noticed the following error on the dnsreport for your domain.
ERROR: One or more of your nameservers reports that it is an open DNS server. This usually means that anyone in the world can query it (it is possible that the DNS server advertises that it does recursive lookups when it does not, but that shouldn't happen). This can cause an excessive load on your DNS server. Also, it is strongly discouraged to have a DNS server be both authoritative for your domain and be recursive (even if it is not open), due to the potential for cache poisoning (with no recursion, there is no cache, and it is impossible to poison it). Also, the bad guys could use your DNS server as part of an attack, by forging their IP address. Problem record(s) are:
I have prepared a small code snippet which will help you to fix that error for all the domains on your server. Just wanted to share this with you all who have this issue. Beware that this code works for only cpanel servers. Following is the exact procedure. Be sure to take a backup of your named.conf for recouvery measures before hand.
1. Login to your server as root.
2. Wget and run the script as :
3. It will provide you with an output like :
4. Copy and paste this code in the Options section of your named.conf. Something like :
5. Save named.conf and restart the named service. All all zones to load and check dns report now. The open nameservers warning no longer shows up. Hope it works fine for you. Any additions, corrections welcome.
Many of you might have noticed the following error on the dnsreport for your domain.
ERROR: One or more of your nameservers reports that it is an open DNS server. This usually means that anyone in the world can query it (it is possible that the DNS server advertises that it does recursive lookups when it does not, but that shouldn't happen). This can cause an excessive load on your DNS server. Also, it is strongly discouraged to have a DNS server be both authoritative for your domain and be recursive (even if it is not open), due to the potential for cache poisoning (with no recursion, there is no cache, and it is impossible to poison it). Also, the bad guys could use your DNS server as part of an attack, by forging their IP address. Problem record(s) are:
I have prepared a small code snippet which will help you to fix that error for all the domains on your server. Just wanted to share this with you all who have this issue. Beware that this code works for only cpanel servers. Following is the exact procedure. Be sure to take a backup of your named.conf for recouvery measures before hand.
1. Login to your server as root.
2. Wget and run the script as :
Code:
http://shashank.net/scripts/named.patch
sh named.patch
Code:
allow-recursion {
127.0.0.1;
xxx.xxx.xxx.xxx;
xxx.xxx.xxx.xxx;
};
Code:
options {
options {
directory "/var/named";
allow-recursion {
127.0.0.1;
xxx.xxx.xxx;
.... ....
.... ....
};
};