This website is deprecated, and remains online only for historic access to old issues and docs for historic versions of Virtualmin. It has been unmaintained for several years, and should not be relied on for up-to-date information. Please visit www.virtualmin.com instead.

Open DNS Server

2 posts / 0 new

Topic locked

Last post

#1 Wed, 08/29/2007 - 03:52

RonCooper

Open DNS Server

Checking dnstuff.com, out of the box it reports that we have Open DNS servers, or repsponds to recursive queries.

I think I can fix this, but shouldn't this already be set up as closed by default?

UPDATE: Forgot to mention, Debian 4 - I added this to /etc/bind/named.conf.options :

recursion no;

Thanks,

Ron<br><br>Post edited by: RonCooper, at: 2007/08/29 08:19

#2 Sun, 06/07/2009 - 07:14

Joe

Yes, it should be the default. But not turning off recursion entirely.

I'll set it to:

allow-recursion {127.0.0.1;};

This will allow Webmin and all of its stuff to work, while still preventing outside users from querying your server.

I don't consider this a major concern, security-wise, as all of the cache poisoning holes that are an issue have long been resolved...but still, it can be a vector of attack for DoS and other stuff (if someone were trying really hard), so it's worth closing by default.

Next revision of virtualmin-base will set this, by default.

--

Check out the forum guidelines!

Topic locked