
Zone Transfer Issues

Discussion in 'Bind / DNS / Nameserver Issues' started by trebien21, Sep 26, 2017.

  1. trebien21 (Registered; Joined: Sep 26, 2017; Messages: 1; Likes Received: 0; Trophy Points: 1; Location: USA; cPanel Access Level: Root Administrator)

    Hi all.

    Intro: I am new to BIND. We are using it as our nameservers within the organization. I have never been a DNS admin at this level before and am struggling with securing the server.

    Problem: A quick MXToolbox lookup shows that we are allowing for zone transfers from the outside. I want to restrict this to at least our slave DNS server.

    Attempted Solution: After googling around I found the entry for the named.conf file and made the appropriate changes to the options section on our primary nameserver. However, the full ns1 zone is still transferable.

    Tell me what I did wrong here:

    Code:
    options {
        listen-on port 53 {
            127.0.0.1; XXX.XXX.XXX.XXX; xxx.xxx.xxx.xxx;
        };
        listen-on-v6 port 53 {
            ::1;
        };

        allow-transfer {
            "none";
        };

        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        pid-file "/var/named.pid";
        statistics-file "/var/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query {
            any;
        };
        allow-recursion {
            none;
        };
    };

    logging {
        channel default_debug {
            file "data/named.run";
            severity dynamic;
        };
    };

    zone "example1.com," in {
        type master;
        file "db.example1.com";
    };

    zone "example2.com" in {
        type master;
        file "db.example2.com";
    };

    zone "xxx.xxx.xxx.in-addr.arpa" in {
        type master;
        file "db.xxx.xxx.xxx";
    };

    zone "0.0.127.in-addr.arpa" in {
        type master;
        file "db.0.0.127";
    };

    zone "." in {
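As an added example (not part of trebien21's post and not cPanel's tooling): a small Python audit that parses named.conf-style text and reports the effective `allow-transfer` for every zone. The point it makes is that BIND resolves the ACL per zone: a zone-level `allow-transfer` overrides the one in `options`, and when neither is set older BIND 9 releases fall back to `any`, so a global `"none"` is only part of the story. The sample configuration, zone names and 192.0.2.x addresses are constructed; the parser is deliberately simple (no `include` handling, no comment markers inside quoted strings).

```python
import re

# Constructed sample modelled on the named.conf in the post above; zone names are
# placeholders and addresses come from the RFC 5737 documentation range. options
# denies transfers, but example2.com carries its own allow-transfer, which wins.
SAMPLE_NAMED_CONF = r'''
options {
    allow-transfer { "none"; };
    allow-query { any; };
};
zone "example1.com" in { type master; file "db.example1.com"; };
zone "example2.com" in {
    type master; file "db.example2.com";
    allow-transfer { any; };          // zone-level statement wins over options
};
zone "example3.com" in {
    type master; file "db.example3.com";
    allow-transfer { 192.0.2.53; };   /* only our secondary */
};
'''

_COMMENT_RE = re.compile(r'/\*.*?\*/|//[^\n]*|#[^\n]*', re.DOTALL)
_TOKEN_RE = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')


def tokenize(text):
    """Drop BIND's three comment styles, then split into words, braces and ';'."""
    # Quotes are stripped so "none" and none compare equal. Comment markers inside
    # quoted strings are not handled and include files are not followed.
    return [t.strip('"') for t in _TOKEN_RE.findall(_COMMENT_RE.sub(' ', text))]


def parse(tokens):
    """Turn the token stream into nested (words, body) statements."""
    # body is None for a simple statement such as `type master;` and a list of
    # statements for a block such as `zone "x" { ... };`.
    def block(i):
        stmts, words = [], []
        while i < len(tokens):
            tok = tokens[i]
            if tok == '}':
                return stmts, i + 1
            if tok == ';':
                if words:
                    stmts.append((words, None))
                words, i = [], i + 1
            elif tok == '{':
                body, i = block(i + 1)
                stmts.append((words, body))
                words = []
                if i < len(tokens) and tokens[i] == ';':   # the '};' terminator
                    i += 1
            else:
                words.append(tok)
                i += 1
        return stmts, i
    return block(0)[0]


def _find_acl(body, name):
    """Entries of the first `name { ... };` statement in body, or None if absent."""
    for words, sub in body:
        if words[:1] == [name] and sub is not None:
            return [w[0] for w, _ in sub if w]
    return None


def effective_transfer_policy(conf_text):
    """Map each zone to (acl_entries, source); source is zone, options or default."""
    # Precedence is zone statement > options statement > built-in default. Older
    # BIND 9 releases default allow-transfer to `any`, so unset is reported as any.
    stmts = parse(tokenize(conf_text))
    global_acl = None
    for words, body in stmts:
        if words[:1] == ['options'] and body is not None:
            global_acl = _find_acl(body, 'allow-transfer')
    policy = {}
    for words, body in stmts:
        if words[:1] == ['zone'] and body is not None and len(words) > 1:
            zone_acl = _find_acl(body, 'allow-transfer')
            if zone_acl is not None:
                policy[words[1]] = (zone_acl, 'zone')
            elif global_acl is not None:
                policy[words[1]] = (global_acl, 'options')
            else:
                policy[words[1]] = (['any'], 'default')
    return policy


def open_zones(conf_text):
    """Zones whose effective allow-transfer still lets any client pull the zone."""
    return sorted(zone for zone, (acl, _) in effective_transfer_policy(conf_text).items()
                  if 'any' in acl)


if __name__ == '__main__':
    for zone, (acl, source) in effective_transfer_policy(SAMPLE_NAMED_CONF).items():
        print(f'{zone:15} allow-transfer {acl} (from {source})')
    print('open to anyone:', open_zones(SAMPLE_NAMED_CONF))
```

Feed it the output of `named-checkconf -p /etc/named.conf`, which prints the configuration as BIND actually parsed it with includes expanded, rather than the raw file. Also remember that an edited file changes nothing until `rndc reload` (or a service restart), and that on cPanel `/scripts/rebuilddnsconfig` regenerates the file from its own templates.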
  2. cPanelMichael (Forums Analyst, Staff Member; Joined: Apr 11, 2011; Messages: 38,658; Likes Received: 1,427; Trophy Points: 363; cPanel Access Level: Root Administrator)

    Hello,

    It's possible the alert you see on that utility is a false positive, as the default /etc/named.conf configuration should already block zone transfers:

    Code:
    ]# grep allow-transfer /etc/named.conf
        allow-transfer    { "none"; };

    If you want to reset your /etc/named.conf configuration, you can use the following commands:

    Code:
    mv /etc/named.conf /etc/named.conf.backup1
    /scripts/rebuilddnsconfig

    Thank you.
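Added example, not from either poster: the closed-loop check to run after any of the changes above, in Python. `classify_axfr` reads the text that `dig @server zone AXFR` prints and says whether the server refused the transfer, handed the zone over, or could not be reached; `check_zone_transfer` wraps the real `dig` call. The three transcripts are constructed to match dig's output shape and were not captured from any server; the 192.0.2.10 address and zone names are placeholders.

```python
import subprocess

# Constructed samples of what `dig @server zone AXFR` prints (not real captures).
REFUSED_OUTPUT = """\
; <<>> DiG 9.11.4 <<>> @192.0.2.10 example1.com AXFR
; (1 server found)
;; global options: +cmd
; Transfer failed.
"""

OPEN_OUTPUT = """\
; <<>> DiG 9.11.4 <<>> @192.0.2.10 example2.com AXFR
; (1 server found)
;; global options: +cmd
example2.com.\t86400\tIN\tSOA\tns1.example2.com. hostmaster.example2.com. 2017092601 3600 900 604800 86400
example2.com.\t86400\tIN\tNS\tns1.example2.com.
example2.com.\t86400\tIN\tSOA\tns1.example2.com. hostmaster.example2.com. 2017092601 3600 900 604800 86400
;; Query time: 2 msec
;; SERVER: 192.0.2.10#53(192.0.2.10)
;; XFR size: 3 records (messages 1, bytes 120)
"""

UNREACHABLE_OUTPUT = """\
; <<>> DiG 9.11.4 <<>> @192.0.2.10 example1.com AXFR
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
"""


def classify_axfr(output):
    """Return (verdict, record_count) for dig AXFR output.

    verdict is 'refused', 'open', 'unreachable' or 'unknown'. Records are the
    non-blank lines that are not dig comments; a completed transfer always
    begins with the zone's SOA record.
    """
    if 'no servers could be reached' in output:
        return 'unreachable', 0
    if 'Transfer failed.' in output:
        return 'refused', 0
    records = [line for line in output.splitlines()
               if line.strip() and not line.startswith(';')]
    if records and '\tSOA\t' in records[0]:
        return 'open', len(records)
    return 'unknown', len(records)


def check_zone_transfer(server, zone, timeout=5):
    """Ask the given server for the whole zone and classify its answer.

    Needs the dig binary on PATH; +time and +tries are standard dig options.
    Run it from a host that is not listed in allow-transfer (expect 'refused')
    and from the secondary itself (expect 'open').
    """
    try:
        proc = subprocess.run(
            ['dig', f'@{server}', zone, 'AXFR', f'+time={timeout}', '+tries=1'],
            capture_output=True, text=True, timeout=timeout + 5)
    except FileNotFoundError:
        return 'unknown', 0          # dig is not installed here
    return classify_axfr(proc.stdout)


if __name__ == '__main__':
    import sys
    server, zone = sys.argv[1:3] if len(sys.argv) == 3 else ('127.0.0.1', 'example1.com')
    print(server, zone, check_zone_transfer(server, zone))
```

The verdict from an outside host is the one that matters: MXToolbox-style checkers report exactly what `classify_axfr` labels `open`, and the `refused` line is what a correctly restricted server answers.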
     