Hi Jamie/Joe,
If I don’t want to use my server as a name server, what do I do to turn it off? Do I just click the Stop BIND button on the System Information page?
Thanks.
The problem I have with Virtualmin-created DNS on my server is that a couple of vulnerability scans reveal that there is a security issue.
ISSUE: Recursive Queries Allowed
- Open to cache poisoning attacks
- Open to denial of service attacks against another system
Synopsis : The remote name server allows recursive queries to be performed.
Description : It is possible to query the remote name server for third-party names. If this is your internal nameserver, then forget this warning. If you are probing a remote nameserver, then it allows anyone to use it to resolve third parties’ names (such as www.nessus.org). This allows hackers to do cache poisoning attacks against this nameserver. If the host allows these recursive queries via UDP, then the host can be used to ‘bounce’ denial of service attacks against another network or system.
Suggested Solution: Restrict recursive queries to the hosts that should use this nameserver (such as those of the LAN connected to it).
If you are using bind 8, you can do this by using the instruction ‘allow-recursion’ in the ‘options’ section of your named.conf
If you are using bind 9, you can define a grouping of internal addresses using the ‘acl’ command
Then, within the options block, you can explicitly state:
‘allow-recursion { hosts_defined_in_acl }’
For more info on Bind 9 administration (to include recursion), see:
http://www.nominum.com/content/documents/bind9arm.pdf
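As an added example (not from the original post, the scanner output, or Virtualmin itself), this is what the BIND 9 `acl` plus `allow-recursion` change suggested above looks like in `named.conf`. The ACL name `trusted`, the `192.0.2.0/24` range, the directory and zone file paths are placeholders; substitute the addresses of the hosts that should actually be allowed to use this server as a resolver.

```conf
// Added example of a BIND 9 named.conf that restricts recursion.
// Addresses and paths are placeholders, not values from the original post.
acl "trusted" {
    127.0.0.1;        // the server itself
    ::1;
    192.0.2.0/24;     // placeholder: the internal LAN that may recurse
};

options {
    directory "/var/named";   // placeholder; keep whatever Virtualmin configured

    // Anyone may still query the zones this server is authoritative for,
    // so the domains hosted by Virtualmin keep resolving for the public.
    allow-query { any; };

    // Only ACL members may ask for names this server is not authoritative
    // for, or read answers out of the cache. Everyone else gets REFUSED,
    // which removes the open-resolver condition the scanner reports.
    allow-recursion { trusted; };
    allow-query-cache { trusted; };

    // If nobody should use this server as a resolver at all, disable
    // recursion entirely instead of the two lines above:
    // recursion no;
};

// Authoritative zones created by Virtualmin are left unchanged.
zone "example.com" {
    type master;
    file "example.com.hosts";   // placeholder file name
};
```

After saving the file, run `named-checkconf` to catch syntax errors and `rndc reload` to apply the change. To confirm the fix from outside the ACL, query the server for a name it is not authoritative for (the scanner's own example, `www.nessus.org`, works): the response should come back with status REFUSED, while a query for one of the server's own zones should still answer normally.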