How to turn off DNS on server

#1 Sun, 07/22/2007 - 16:24
ah...lifes...good

Hi Jamie/Joe,

If I don't want to use my server as a name server, what do I do to turn it off? Do I just click on the Stop BIND button on the System Information page?

Thanks.

The problem I have with Virtualmin-created DNS on my server is that a couple of vulnerability scans reveal that there is a security issue.

ISSUE: Recursive Queries Allowed - Open to cache poisoning attacks - Open to denial of Service attacks against another system

Synopsis : The remote name server allows recursive queries to be performed.

Description : It is possible to query the remote name server for third party names. If this is your internal nameserver, then forget this warning. If you are probing a remote nameserver, then it allows anyone to use it to resolve third parties names (such as www.nessus.org). This allows hackers to do cache poisoning attacks against this nameserver. If the host allows these recursive queries via UDP, then the host can be used to 'bounce' Denial of Service attacks against another network or system.

Suggested Solution: Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).

If you are using bind 8, you can do this by using the instruction 'allow-recursion' in the 'options' section of your named.conf

If you are using bind 9, you can define a grouping of internal addresses using the 'acl' command

Then, within the options block, you can explicitly state: 'allow-recursion { hosts_defined_in_acl }'

For more info on Bind 9 administration (to include recursion), see: http://www.nominum.com/content/documents/bind9arm.pdf

Sun, 07/22/2007 - 16:26
ah...lifes...good

The vulnerability scans that I ran are:

1. DNSStuff.com's DNSreport
2. Nessus Vulnerability Scanner

Mon, 07/23/2007 - 03:43 (Reply to #2)
Joe

This isn't a vulnerability, though it is generally better to limit recursive queries to localhost.

But if you aren't using the name server, yes, shut it down. Virtualmin won't like it if you are creating name records, however, so you'll need to make sure your Server Templates have name service disabled.

Disabling remote queries (and making these overly hyped warnings go away) is easy:

Browse to Webmin's BIND module. Click on "Addresses and Topology".

Find the field labeled "Allow recursive queries from" and fill in 127.0.0.1.

Save it and apply changes. All done.

--

Check out the forum guidelines!
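To confirm the change from a host other than the server itself, the check below sends one query with the recursion-desired bit set and reads the RA flag and RCODE from the reply header. It is an added example, not part of the original thread; the test name www.example.com, the function names and the sample headers are assumptions constructed for illustration.

```python
import socket
import struct
import sys

RD, RA, QR = 0x0100, 0x0080, 0x8000  # header flag bits (RFC 1035)

def build_query(name, txid=0x1234):
    """A/IN query for `name` with RD set, i.e. asking the server to recurse."""
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def classify_response(data, txid=0x1234):
    """Judge a reply to build_query() from its 12-byte header alone."""
    if len(data) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not (flags & QR):
        raise ValueError("not a response to our query")
    if (flags & 0x000F) == 5:        # RCODE 5 = REFUSED
        return "refused"
    if flags & RA:                   # server offers recursion to this client
        return "recursion-offered"
    # RA clear: a referral, or data the server holds itself
    return "answered-without-recursion" if ancount else "no-recursion"

def check_server(server, name="www.example.com", timeout=3.0):
    """Send one UDP query to server:53 and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return classify_response(s.recvfrom(4096)[0])

# Constructed reply headers for an offline run (not captured traffic).
SAMPLE_OPEN = struct.pack("!HHHHHH", 0x1234, QR | RD | RA, 1, 1, 0, 0)
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, QR | RD | 5, 1, 0, 0, 0)
SAMPLE_REFERRAL = struct.pack("!HHHHHH", 0x1234, QR | RD, 1, 0, 13, 0)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(sys.argv[1], check_server(sys.argv[1]))
    else:
        for sample in (SAMPLE_OPEN, SAMPLE_REFUSED, SAMPLE_REFERRAL):
            print(classify_response(sample))
```

Run it with your own server's address as the argument from an outside machine; after restricting recursion to 127.0.0.1 the result should be "refused" or "no-recursion", while "recursion-offered" means the scanner finding still applies.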

Mon, 07/23/2007 - 08:33 (Reply to #3)
ah...lifes...good

<div class='quote'>Disabling remote queries (and making these overly hyped warnings go away) is easy:

Browse to Webmin's BIND module. Click on "Addresses and Topology".

Find the field labeled "Allow recursive queries from" and fill in 127.0.0.1.

Save it and apply changes. All done.</div>

Thanks Joe. I feel much better that this is done as one unnecessary loophole is now closed.
