Open DNS Server

Checking dnstuff.com, out of the box it reports that we have Open DNS servers, or responds to recursive queries.

I think I can fix this, but shouldn’t this already be set up as closed by default?

UPDATE: Forgot to mention, Debian 4 - I added this to /etc/bind/named.conf.options :

recursion no;

Thanks,

Ron

Post edited by: RonCooper, at: 2007/08/29 08:19

Yes, it should be the default. But not turning off recursion entirely.

I’ll set it to:

allow-recursion {127.0.0.1;};

This will allow Webmin and all of its stuff to work, while still preventing outside users from querying your server.

I don’t consider this a major concern, security-wise, as all of the cache poisoning holes that are an issue have long been resolved…but still, it can be a vector of attack for DoS and other stuff (if someone were trying really hard), so it’s worth closing by default.

Next revision of virtualmin-base will set this, by default.
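Added example, not part of the original thread or of Virtualmin: a Python check an administrator can use to confirm that a `recursion no;` or `allow-recursion` change took effect, by sending a recursion-desired query and reading the RA flag, rcode and answer count of the reply. The function names and the constructed sample replies are assumptions for illustration; `probe()` is meant to be run from a host outside the `allow-recursion` list, against a server you administer, with a name that server is not authoritative for.

```python
import socket
import struct

RD, RA, QR = 0x0100, 0x0080, 0x8000  # recursion desired / available, response bit

def build_query(name, qid=0x1234):
    """Encode a standard A/IN query with the RD bit set."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def classify(response, qid=0x1234):
    """Classify a raw DNS reply as 'open', 'closed' or 'invalid'."""
    if len(response) < 12:
        return "invalid"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != qid or not flags & QR:  # wrong transaction ID or not a response
        return "invalid"
    rcode = flags & 0x000F
    # Open: recursion is advertised and the foreign name was actually resolved.
    # REFUSED (rcode 5) or an answerless referral both count as closed.
    if flags & RA and rcode == 0 and ancount > 0:
        return "open"
    return "closed"

def probe(server, name, timeout=3.0):
    """Query a server you administer over UDP/53 and classify its reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        try:
            return classify(s.recv(512))
        except socket.timeout:
            return "no-response"

def sample_response(flags, ancount, qid=0x1234):
    """Constructed header-only reply, used to exercise classify() offline."""
    return struct.pack("!HHHHHH", qid, flags, 1, ancount, 0, 0)

if __name__ == "__main__":
    # Constructed replies: recursive answer, REFUSED, and an answerless referral.
    for label, flags, an in [("answer+RA", 0x8180, 1), ("REFUSED", 0x8105, 0),
                             ("referral", 0x8100, 0)]:
        print(label, "->", classify(sample_response(flags, an)))
```
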