Go Back   SolidHost Forums Support Forums DNS Questions

Reply
 
Thread Tools Display Modes
Old Apr 28th, 2006, 04:06   #1
dnc
Customer
 
Join Date: Nov 2004
Posts: 45
Default Open DNS servers

Hello

I had not noticed this issue on dnsreport before, it seems there are several security/ddos issues regarding open dns. Ns3/Ns4 seem to be open as this is the default cpanel configuration. Could you please investigate this?
Quote:
ERROR: One or more of your nameservers reports that it is an open DNS server. This usually means that anyone in the world can query it for domains it is not authoritative for (it is possible that the DNS server advertises that it does recursive lookups when it does not, but that shouldn't happen). This can cause an excessive load on your DNS server. Also, it is strongly discouraged to have a DNS server be both authoritative for your domain and be recursive (even if it is not open), due to the potential for cache poisoning (with no recursion, there is no cache, and it is impossible to poison it). Also, the bad guys could use your DNS server as part of an attack, by forging their IP address. Problem record(s) are:

Server 209.51.159.34 reports that it will do recursive lookups.
Server 83.98.189.37 reports that it will do recursive lookups.


See this page for info on closing open DNS servers.

Last edited by dnc; Apr 28th, 2006 at 04:10.
dnc is offline   Reply With Quote
Old May 9th, 2006, 04:35   #2
CPUBum
Customer
 
Join Date: Feb 2005
Location: Virginia
Posts: 44
Default

Is this something that us Linux users need to worry about on our dedicated servers? If so, should we open a ticket to make sure we do not have a problem?

Thanks
CPUBum is offline   Reply With Quote
Old May 9th, 2006, 11:24   #3
SH-Andre
SolidHost Crew
 
Join Date: Sep 2001
Posts: 850
Default

Quote:
Originally Posted by dnc
Hello

I had not noticed this issue on dnsreport before, it seems there are several security/ddos issues regarding open dns. Ns3/Ns4 seem to be open as this is the default cpanel configuration. Could you please investigate this?
Actually these nameservers are meant to be open because otherwise your servers wouldn't be able to use them.

-----------------
Andre van Vliet
SolidHost Administrators

Solid as a Rock
SH-Andre is offline   Reply With Quote
Old May 9th, 2006, 11:32   #4
SH-Andre
SolidHost Crew
 
Join Date: Sep 2001
Posts: 850
Default

Quote:
Originally Posted by CPUBum
Is this something that us Linux users need to worry about on our dedicated servers? If so, should we open a ticket to make sure we do not have a problem?

Thanks
If your resolvers are hosted on your own server you should probably make sure they are closed. You can check this by going to www.dnsreport.com.

If it turns out your nameservers are open and you are running bind, then here's how to close them:

Code:
pico /etc/named.conf
Instead of pico you may also use any other editor. Then enter the following line in the options clause:

Code:
recursion no;
Then exit the editor and restart named:

Code:
service named restart
That should do the trick.

-----------------
Andre van Vliet
SolidHost Administrators

Solid as a Rock
SH-Andre is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT +2. The time now is 05:32.