LxCenter HyperVM & Kloxo Support

Forum is closed. Use http://community.lxcenter.org/



Turning Off Recursive DNS [message #104336] Fri, 30 November 2012 08:59
mr_sarge
Hi,

My server is running Kloxo 6.1.12 and it was just used to send a DNS amplification attack.

I found out that recursive DNS seems to be on by default.

I found this topic that discusses the issue: http://forum.lxcenter.org/index.php?t=msg&goto=79302x%x

The file "global.options.named.conf" doesn't exist on my server, so I ran /script/cleanup, but it didn't create it as Danny suggested.

I used 0070007's method for now:

in /var/named/chroot/etc/named.conf add

options {
recursion no;
};


Is this the right thing to do? The post I linked is from last year. Has this been changed?

Thank you!

Re: Turning Off Recursive DNS [message #104397 is a reply to message #104336] Sun, 02 December 2012 20:10
ajonate
This is the entire contents of my named.conf file.

options {
allow-recursion { localhost; };
};

//Kloxo 

include "/etc/kloxo.named.conf";


That command will disallow recursion from all sources except localhost. That's what you want.



Re: Turning Off Recursive DNS [message #104422 is a reply to message #104397] Mon, 03 December 2012 16:41
mr_sarge
Thank you!

But is this the default value of this file? Or have you edited it?

I don't understand why Kloxo would be recursive by default...

Re: Turning Off Recursive DNS [message #104489 is a reply to message #104422] Thu, 06 December 2012 14:21
ajonate
You'll have to edit it.

Recursive DNS lookups aren't really that serious of a security threat. After all, that's how you get DNS lookups from your ISP when you browse the Internet.

The idea is that if you allow recursive lookups, someone could try a DoS attack on your DNS server by flooding you with lookup requests. All recursive requests are null-routed if you disable recursive lookups. With recursive lookups disabled, the only DNS requests that are serviced are authoritative lookups (lookups for domains that you manage zones for).


[Updated on: Thu, 06 December 2012 15:35]


Re: Turning Off Recursive DNS [message #104497 is a reply to message #104489] Thu, 06 December 2012 16:45
mr_sarge
In fact, someone passed through my recursive DNS to blast attack another server.

My VPS host shut down my VPS for two days after they got the complaint...

Re: Turning Off Recursive DNS [message #104498 is a reply to message #104497] Thu, 06 December 2012 19:10
mustafaramadhan (Forum Moderator)

This is my 'standard' bind:

acl "lxcenter" {
	localhost;
};

options {
	max-transfer-time-in 60;
	transfer-format many-answers;
	transfers-in 60;
	auth-nxdomain yes;
	allow-transfer {
		lxcenter;
		xxx.xxx.xxx.xxx;
		};
	allow-recursion {
		lxcenter;
		xxx.xxx.xxx.xxx;
		};
	recursion yes;
	version "LxCenter-1.0";
	forwarders {
		xxx.xxx.xxx.xxx;
		};
};

# Remove # to see all DNS queries
# logging {
#	 channel query_logging {
#		 file "/var/log/named_query.log";
#		 versions 3 size 100M;
#		 print-time yes;
#	 };

#	 category queries {
#		 query_logging;
#	 };
# };



where: xxx.xxx.xxx.xxx = ns2



[Updated on: Thu, 06 December 2012 19:11]
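
Added example (not from any poster in this thread, and not Kloxo or BIND code): after changing named.conf as discussed above, one way to confirm that your own server no longer recurses for outside clients is to send it a query for a name it is not authoritative for and read the RA flag and RCODE in the reply. The function names, the fixed query ID and the use of example.com are assumptions of this sketch; the sample replies are constructed so it runs offline.

```python
import socket
import struct

QID = 0x1234  # fixed query ID, adequate for a one-off self-check (assumption)

def build_query(name, qid=QID):
    """DNS A/IN query with RD (recursion desired) set, per RFC 1035."""
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

def classify(reply, qid=QID):
    """Interpret the reply to a query for a name the server is NOT authoritative for."""
    if len(reply) < 12:
        return "malformed"
    rid, flags, _qd, _an, _ns, _ar = struct.unpack("!6H", reply[:12])
    if rid != qid or not flags & 0x8000:   # wrong ID, or QR bit says "query"
        return "malformed"
    if flags & 0x000F == 5:                # RCODE 5 = REFUSED
        return "refused"
    if flags & 0x0080:                     # RA set: recursion is offered to this client
        return "open-recursion"
    return "not-recursive"                 # answered (e.g. referral) with RA clear

def probe(server, name="example.com", timeout=3.0):
    """Query your own server once; run from a host outside its allow-recursion ACL."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        try:
            reply, _ = s.recvfrom(4096)
        except socket.timeout:
            return "no-reply"
    return classify(reply)

def sample_reply(flags, ancount):
    """Constructed reply: header plus echoed question, for offline testing."""
    return struct.pack("!6H", QID, flags, 1, ancount, 0, 0) + build_query("example.com")[12:]

# Constructed samples, not captured traffic.
SAMPLES = {
    "open": sample_reply(0x8180, 1),      # QR|RD|RA, NOERROR, one answer
    "refused": sample_reply(0x8105, 0),   # QR|RD, REFUSED
    "referral": sample_reply(0x8100, 0),  # QR|RD, NOERROR, no answer, RA clear
}

if __name__ == "__main__":
    for label, reply in SAMPLES.items():
        print(label, "->", classify(reply))
```

A query sent from the server itself will still be recursed when localhost is in allow-recursion, so probe() only tells you something when run from an outside address.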
