Checking dnstuff.com, out of the box it reports that we have Open DNS servers, or repsponds to recursive queries.
I think I can fix this, but shouldn’t this already be set up as closed by default?
UPDATE: Forgot to mention, Debian 4 - I added this to /etc/bind/named.conf.options :
Ron<br><br>Post edited by: RonCooper, at: 2007/08/29 08:19
Yes, it should be the default. But not turning off recursion entirely.
I’ll set it to:
This will allow Webmin and all of its stuff to work, while still preventing outside users from querying your server.
I don’t consider this a major concern, security-wise, as all of the cache poisoning holes that are an issue have long been resolved…but still, it can be a vector of attack for DoS and other stuff (if someone were trying really hard), so it’s worth closing by default.
Next revision of virtualmin-base will set this, by default.