Closing open DNS

Pages (2): « First [1] 2 Next > Last »

Threaded Mode | Linear Mode

Closing open DNS

Author Message

mjk
Junior Member

Posts: 14
Group: Registered
Joined: May 2007
Status: Offline
Reputation: 0

Post: #1

Closing open DNS

I have noticed that the default setup for bind under VHCS allows it to be used as an open dns.

I have only just discovered how bad this is (think open smtp relay). So it would be good if ispCP worked to prevent open dns.

05-11-2007 11:57 AM

joximu
Moderator

Posts: 3,536
Group: Moderators
Joined: Jan 2007
Status: Online
Reputation: 47

Post: #2

RE: Closing open DNS

is it also in ispcp?

05-11-2007 04:49 PM

BioALIEN
Junior Member

Posts: 226
Group: Graph Team
Joined: Feb 2007
Status: Offline
Reputation: 0

Post: #3

RE: Closing open DNS

As joximu said, can you please confirm this is also the case with ispCP?

BioALIEN
OS: Debian 4.0 Etch
ispCP Build: RC3 r953 - 28.12.07
Mods: AWStats dynamic

05-12-2007 12:12 AM

mjk
Junior Member

Posts: 14
Group: Registered
Joined: May 2007
Status: Offline
Reputation: 0

Post: #4

RE: Closing open DNS

I have not installed ispCP yet as I am waiting on the stable release to install it and upgrade my vhcs installs.

dnsreport.com will report it. Perhaps someone that does ispCP installed could run the report?

05-12-2007 05:53 AM

joximu
Moderator

Posts: 3,536
Group: Moderators
Joined: Jan 2007
Status: Online
Reputation: 47

Post: #5

RE: Closing open DNS

open dns means: you can ask this server about domain names which he isn't responsible for.

This seems to be enabled in ispcp.

But should be only a little option in bind9

/Joximu

05-12-2007 06:05 AM

ephigenie
Administrator

Posts: 661
Group: Administrators
Joined: Oct 2006
Status: Offline
Reputation: 12

Post: #6

RE: Closing open DNS

yeah this can be done via acl's

05-12-2007 06:16 AM

raphael
Member

Posts: 474
Group: Dev Team
Joined: Apr 2007
Status: Offline
Reputation: 8

Post: #7

RE: Closing open DNS

A simple

recursion no;

in the options {} section of the bind config file will do the trick Wink

Quote:

This is Linux land. In silent nights you can hear the Windows machines rebooting.

If you want to be helped, don't PM me but post in the forums | If you want private support PM me and we'll discuss the price

05-12-2007 06:35 AM

ephigenie
Administrator

Posts: 661
Group: Administrators
Joined: Oct 2006
Status: Offline
Reputation: 12

Post: #8

RE: Closing open DNS

yeah but thats not a good idea - because then your local server is not able to answer queries to the server itself. (beyond the authoriative zones) But thats often a must because isp's dns server are sometimes quiet unreliable.

I'd recommend putting this into your named.conf.options

Code:

acl local {

        127.0.0.1;

        <your-ip>;

        };

allow-recursion { local; };

and use the isp/ providers dns as forwarders if needed.

05-12-2007 06:56 AM

raphael
Member

Posts: 474
Group: Dev Team
Joined: Apr 2007
Status: Offline
Reputation: 8

Post: #9

RE: Closing open DNS

I'm wondering what would happen if a server makes use of opendns... Tongue

Quote:

This is Linux land. In silent nights you can hear the Windows machines rebooting.

If you want to be helped, don't PM me but post in the forums | If you want private support PM me and we'll discuss the price

05-12-2007 07:09 AM

ephigenie
Administrator

Posts: 661
Group: Administrators
Joined: Oct 2006
Status: Offline
Reputation: 12

Post: #10

RE: Closing open DNS

yeah, i too - but that question can be left to the people at dnsreport.com - i cannot find something bad on that at all.

05-12-2007 07:23 AM

Pages (2): « First [1] 2 Next > Last »

« Next Oldest | Next Newest »

View a Printable Version
Send this Thread to a Friend
Subscribe to this Thread | Add Thread to Favorites