Current time: 11-29-2024, 10:18 PM Hello There, Guest! (LoginRegister)


Post Reply 
Closing open DNS
Author Message
mjk Offline
Junior Member
*

Posts: 14
Joined: May 2007
Reputation: 0
Post: #1
Closing open DNS
I have noticed that the default setup for bind under VHCS allows it to be used as an open dns.

I have only just discovered how bad this is (think open smtp relay). So it would be good if ispCP worked to prevent open dns.
05-11-2007 11:57 AM
Find all posts by this user Quote this message in a reply
joximu Offline
helper
*****
Moderators

Posts: 7,024
Joined: Jan 2007
Reputation: 92
Post: #2
RE: Closing open DNS
is it also in ispcp?
05-11-2007 04:49 PM
Visit this user's website Find all posts by this user Quote this message in a reply
BioALIEN Offline
Public Relations Officer
*****
Dev Team

Posts: 620
Joined: Feb 2007
Reputation: 5
Post: #3
RE: Closing open DNS
As joximu said, can you please confirm this is also the case with ispCP?
05-12-2007 12:12 AM
Find all posts by this user Quote this message in a reply
mjk Offline
Junior Member
*

Posts: 14
Joined: May 2007
Reputation: 0
Post: #4
RE: Closing open DNS
I have not installed ispCP yet as I am waiting on the stable release to install it and upgrade my vhcs installs.

dnsreport.com will report it. Perhaps someone that does ispCP installed could run the report?
05-12-2007 05:53 AM
Find all posts by this user Quote this message in a reply
joximu Offline
helper
*****
Moderators

Posts: 7,024
Joined: Jan 2007
Reputation: 92
Post: #5
RE: Closing open DNS
open dns means: you can ask this server about domain names which he isn't responsible for.

This seems to be enabled in ispcp.

But should be only a little option in bind9

/Joximu
05-12-2007 06:05 AM
Visit this user's website Find all posts by this user Quote this message in a reply
ephigenie Offline
Project Leader
*******
Administrators

Posts: 1,578
Joined: Oct 2006
Reputation: 15
Post: #6
RE: Closing open DNS
yeah this can be done via acl's
05-12-2007 06:16 AM
Visit this user's website Find all posts by this user Quote this message in a reply
raphael Offline
Member
***

Posts: 474
Joined: Apr 2007
Reputation: 8
Post: #7
RE: Closing open DNS
A simple

recursion no;

in the options {} section of the bind config file will do the trick Wink
05-12-2007 06:35 AM
Visit this user's website Find all posts by this user Quote this message in a reply
ephigenie Offline
Project Leader
*******
Administrators

Posts: 1,578
Joined: Oct 2006
Reputation: 15
Post: #8
RE: Closing open DNS
yeah but thats not a good idea - because then your local server is not able to answer queries to the server itself. (beyond the authoriative zones) But thats often a must because isp's dns server are sometimes quiet unreliable.

I'd recommend putting this into your named.conf.options
Code:
acl local {
        127.0.0.1;
        <your-ip>;
        };

allow-recursion { local; };

and use the isp/ providers dns as forwarders if needed.
05-12-2007 06:56 AM
Visit this user's website Find all posts by this user Quote this message in a reply
raphael Offline
Member
***

Posts: 474
Joined: Apr 2007
Reputation: 8
Post: #9
RE: Closing open DNS
I'm wondering what would happen if a server makes use of opendns... Tongue
05-12-2007 07:09 AM
Visit this user's website Find all posts by this user Quote this message in a reply
ephigenie Offline
Project Leader
*******
Administrators

Posts: 1,578
Joined: Oct 2006
Reputation: 15
Post: #10
RE: Closing open DNS
yeah, i too - but that question can be left to the people at dnsreport.com - i cannot find something bad on that at all.
05-12-2007 07:23 AM
Visit this user's website Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)