named.conf - Is this correct?

Hello,

Quick question about the named.conf file.

In the named.conf file (on a newly installed server) with a single domain running dns as well, please see the content of the file below.

Note there is an entry for a IP (174.132.240.146) at bottom that i didnt do… Does this mean the servers already been compromised? Should i edit this file somehow? (not sure what to change) Thank you!

// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
listen-on port 53 {
any;
};
listen-on-v6 port 53 {
any;
};
directory “/var/named”;
dump-file “/var/named/data/cache_dump.db”;
statistics-file “/var/named/data/named_stats.txt”;
memstatistics-file “/var/named/data/named_mem_stats.txt”;
recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

};

logging {
channel default_debug {
file “data/named.run”;
severity dynamic;
};
};

zone “.” IN {
type hint;
file “named.ca”;
};

include “/etc/named.rfc1912.zones”;

zone “mydomain.net” {
type master;
file “/var/named/mydomain.net.hosts”;
allow-transfer {
127.0.0.1;
localnets;
174.132.240.146;
};
};

Howdy,

Virtualmin may be adding an entry for an IP address found on your server.

Is that by chance an IP address you own?

For example, what output do you get if you run this command:

/sbin/ifconfig | grep 174.132.240.146

However, I wouldn’t figure it was related to a system compromise – I imagine there’s another reason that’s in there, it’s just a matter of determining why that is

-Eric

Interesting…
Ive never seen that ip before. so no idea - i deleted it though… so no output on the command…
It was a brand new install so a compromise is unlikely i agree…

haven’t seen any problems referencing the ip so who knows…

thx a lot