Check /etc/named.conf For Recursion Restrictions

Jun 23, 2007

I'm getting this warning from the Check Server Security option in csf:
--------
You have a local DNS server running but do not have any recursion restrictions set in /etc/named.conf. This is a security and performance risk and you should look at restricting recursive lookups to the local IP addresses only
--------
I looked at named.conf, but in fact I didn't understand what I should do.
Can somebody tell me what I should do and what this warning is trying to tell me?

Fatal! Named.conf Fails Named-checkconf

Mar 2, 2008

I have a dedicated server and I got a new one,
and my site is rock2host.com.
On the domain name I set ns1, ns2, ns3 and ns4 to the IPs of the new server,
but the problem is that so far no account on my server is working,
as I have a DNS error but I don't know what the problem is.
I did this:

DNS Functions
Adding an A entry for your hostname
Bind reloading on server using rndc zone: [rock2host.com] Error reloading bind on server: rndc: get config key list: not found

DNS Functions
Cleanup Nameserver Config File
Fatal! named.conf fails named-checkconf, please repair named.conf and try again

DNS Issues Rndc.conf & Named.conf

Apr 8, 2009

It started with this error:

Bind reloading on server01 using rndc zone: [ns1.mydomain.net]
Error reloading bind on server01: rndc: connect failed: 127.0.0.1#953: connection refused

So I did the obvious and checked the csf firewall to see if port 953 was enabled, and it was.

So I took a look at rndc.conf:

Code:
root@server01 [~]# nano /etc/rndc.conf
#start of rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "KLGSBmWZrev0I4fR4Tm4GXxdcYSTFzF23b1f9is1M=";
};

options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
#key "rndc-key" {
# algorithm hmac-md5;
# secret "KLGSBmWZrev0I4fR4Tm4GXxdcYSTFzF23b1f9is1M=";
#};
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
Then I took a look at named.conf:

Code:
options {
/* make named use port 53 for the source of all queries, to allow
* firewalls to block all ports except 53:
*/

//query-source port 53;

/* We no longer enable this by default as the DNS poison exploit
has forced many providers to open up their firewalls a bit */

// Put files that named is allowed to write in the data/ directory:
directory "/var/named"; // the default
pid-file "/var/run/named/named.pid";
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
/* memstatistics-file "data/named_mem_stats.txt"; */
};

logging {
/* If you want to enable debugging, eg. using the 'rndc trace' command,
* named will try to write the 'named.run' file in the $directory (/var/named).
* By default, SELinux policy does not allow named to modify the /var/named directory,
* so put the default debug log file in data/ :
*/
channel default_debug {
file "data/named.run";
severity dynamic;
};
};

// All BIND 9 zones are in a "view", which allow different zones to be served
// to different types of client addresses, and for options to be set for groups
// of zones.
//
// By default, if named.conf contains no "view" clauses, all zones are in the
// "default" view, which matches all clients.
//
// If named.conf contains any "view" clause, then all zones MUST be in a view;
// so it is recommended to start off using views to avoid having to restructure
// your configuration files in the future.

view "localhost_resolver" {
/* This view sets up named to be a localhost resolver ( caching only nameserver ).
* If all you want is a caching-only nameserver, then you need only define this view:
*/
match-clients { 127.0.0.0/24; };
match-destinations { localhost; };
recursion yes;

zone "." IN {
type hint;
file "/var/named/named.ca";
};

/* these are zones that contain definitions for all the localhost
* names and addresses, as recommended in RFC1912 - these names should
* ONLY be served to localhost clients:
*/
include "/var/named/named.rfc1912.zones";
};

Where Is /etc/named.conf

May 31, 2008

I am running CentOS 5 with BIND 9 and there is no /etc/named.conf. All I could find is /etc/named.caching-nameserver.conf.

I am planning to run a DNS nameserver for my domain. Where do I put the zone entries?

Deleted /etc/named.conf?

May 30, 2008

I have cPanel running on my dedicated server and I have accidentally deleted /etc/named.conf.

How do I recover it? Does cPanel maintain a backup of some sort? I haven't stopped BIND, so my sites are working for now.

/etc/named.conf Not Work

Jun 21, 2007

Last night I was trying to close my open DNS...

but it seems that I kept playing with the file
/etc/named.conf

I backed it up before,

but when I finished I didn't cp /named.conf;

I typed mv named.conf-back /etc/named.conf

and now my whole server is down, and the support is so bad...

They just told me some commands and they didn't work,

then they didn't respond to me...

Customized Named.conf In CPanel

Oct 28, 2009

I'd like to add GeoDNS to BIND, so I need to modify named.conf. All I will put into it is an include of an acl file (for different IP ranges), and a new view for an existing domain.

My VPS uses cPanel. What is the best way to handle this, as named.conf can be modified by cPanel? I can modify the template in /scripts/rebuilddnsconfig, but I don't know how to add a new view.

There's only one site on my VPS, but I use a few subdomains in DNS (legacy issues). There is only one db file in /var/named/.

/etc/named.conf:87: Unknown Option 'e'

Aug 11, 2008

I have the following problem:
When I try to restart the nameserver service I get the following error:

# service named restart
Stopping named: [ OK ]
Starting named:
Error in named configuration:
/etc/named.conf:87: unknown option 'e'
/etc/named.conf:120: unexpected end of input
[FAILED]
My named.conf is as follows:

include "/etc/rndc.key";

controls {
inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};

options {
/* make named use port 53 for the source of all queries, to allow
* firewalls to block all ports except 53:
*/
query-source port 53;

// Put files that named is allowed to write in the data/ directory:
directory "/var/named"; // the default
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
/* memstatistics-file "data/named_mem_stats.txt"; */
};

logging {
/* If you want to enable debugging, eg. using the 'rndc trace' command,
* named will try to write the 'named.run' file in the $directory (/var/named).
* By default, SELinux policy does not allow named to modify the /var/named directory,
* so put the default debug log file in data/ :
*/
channel default_debug {
file "data/named.run";
severity dynamic;
};
};

// All BIND 9 zones are in a "view", which allow different zones to be served
// to different types of client addresses, and for options to be set for groups
// of zones.
//
// By default, if named.conf contains no "view" clauses, all zones are in the
// "default" view, which matches all clients.
//
// If named.conf contains any "view" clause, then all zones MUST be in a view;
// so it is recommended to start off using views to avoid having to restructure
// your configuration files in the future.

view "localhost_resolver" {
/* This view sets up named to be a localhost resolver ( caching only nameserver ).
* If all you want is a caching-only nameserver, then you need only define this view:
*/
match-clients { 127.0.0.0/24; };
match-destinations { localhost; };
recursion yes;

zone "." IN {
type hint;
file "/var/named/named.ca";
};

// include "/var/named/named.rfc1912.zones";
// you should not serve your rfc1912 names to non-localhost clients.

// These are your "authoritativ
zone "smpl.splinteredmedia.net" {
type master;
file "/var/named/smpl.splinteredmedia.net.db";
};

e" internal zones, and would probably
// also be included in the "localhost_resolver" view above :
};

view "external" {
/* This view will contain zones you want to serve only to "external" clients
* that have addresses that are not on your directly attached LAN interface subnets:
*/

recursion no;
// you'd probably want to deny recursion to external clients, so you don't
// end up providing free DNS service to all takers

// all views must contain the root hints zone:
zone "." IN {
type hint;
file "/var/named/named.ca";
};

// These are your "authoritative" external zones, and would probably
// contain entries for just your web and mail servers:

// BEGIN external zone entries

};

z
zone "smpl.splinteredmedia.net" {
type master;
file "/var/named/smpl.splinteredmedia.net.db";
};

I have cPanel installed on a CentOS 5.1 VPS.

None:0: Open: /etc/named.conf: File Not Found

Dec 5, 2008

none:0: open: /etc/named.conf: file not found

I installed cPanel on CentOS 5 on a VPS.
cPanel is running correctly but named is not working!
I try to restart named but it says:
root@server [/etc]# service named restart
Stopping named: [ OK ]
Starting named:
Error in named configuration:
none:0: open: /etc/named.conf: file not found
[FAILED]

Named.conf :: When Using 'view' Statements, All Zones Must Be In Views

Dec 19, 2008

After cPanel updated to the latest release version, I have an issue with named.conf.
I tried to rebuild named, but:

/scripts/rebuilddnsconfig
fixrndc requires a syntactically correct /etc/named.conf.
No changes were made to /etc/named.conf.

Problem was:

/etc/named.conf:23: when using 'view' statements, all zones must be in views
Can anyone explain to me what "/etc/named.conf:23: when using 'view' statements, all zones must be in views" means?

How To Revert Back From Named-wrapper -u Named To /usr/sbin/named -u Named

Oct 26, 2009

After upcp, named suddenly failed and only works when I use /scripts/ulimitnamed.

But now the server feels so slow because it became named-wrapper -u.

How to revert back from named-wrapper -u named to /usr/sbin/named -u named?

Weird Named Errors Available9 Named[7562]: Lame Server Resolving

Nov 25, 2008

I see some errors about lame servers in the messages log, and I noticed that they look like the address of the ISP surfer domain, because I noticed the domain of my ISP also listed as a lame name server. Here is an example:

Nov 24 03:46:55 available9 named[7562]: lame server resolving '247.100.51.72.in-addr.arpa' (in '100.51.72.in-addr.arpa'?): 205.214.192.202#53
Nov 24 03:46:55 available9 named[7562]: lame server resolving '247.100.51.72.in-addr.arpa' (in '100.51.72.in-addr.arpa'?): 205.214.192.201#53
Nov 24 03:46:56 available9 named[7562]: lame server resolving '247.100.51.72.in-addr.arpa' (in '100.51.72.in-addr.arpa'?): 205.214.192.202#53
Nov 24 03:46:56 available9 named[7562]: lame server resolving '247.100.51.72.in-addr.arpa' (in '100.51.72.in-addr.arpa'?): 205.214.192.201#53
Nov 24 07:19:51 available9 named[7562]: FORMERR resolving 'ducksimilar.com/NS/IN': 203.93.208.87#53
Nov 24 07:19:51 available9 named[7562]: FORMERR resolving 'ducksimilar.com/NS/IN': 91.208.228.150#53
Nov 24 07:19:52 available9 named[7562]: FORMERR resolving 'host1.experienceexcept.com/AAAA/IN': 203.93.208.87#53
Nov 24 07:19:52 available9 named[7562]: FORMERR resolving 'host2.experienceexcept.com/AAAA/IN': 203.93.208.87#53
Nov 24 07:19:52 available9 named[7562]: FORMERR resolving 'host1.experienceexcept.com/AAAA/IN': 91.208.228.150#53
Nov 24 07:19:52 available9 named[7562]: FORMERR resolving 'host2.experienceexcept.com/AAAA/IN': 91.208.228.150#53
Nov 24 07:19:52 available9 named[7562]: FORMERR resolving 'host1.experienceexcept.com/AAAA/IN': 203.93.208.87#53
Nov 24 07:19:52 available9 named[7562]: FORMERR resolving 'host2.experienceexcept.com/AAAA/IN': 203.93.208.87#53
Nov 24 07:19:52 available9 named[7562]: FORMERR resolving 'host1.experienceexcept.com/AAAA/IN': 91.208.228.150#53
Nov 24 07:19:52 available9 named[7562]: FORMERR resolving 'host2.experienceexcept.com/AAAA/IN': 91.208.228.150#53

BUG: Recent Printk Recursion!

Jul 5, 2009

I have this error in my log.

What is this?

72 Time(s): BUG: recent printk recursion!

2 Time(s): Firewall: *TCP_IN Blocked* IN=venet0 OUT= <2>BUG: recent printk recursion!

Apache :: Creating Rule For Directory Recursion?

Aug 29, 2013

I have a number of WordPress, Drupal, Wiki sites running under RHEL6.

Apache version: httpd -v
Server version: Apache/2.2.15 (Unix)
Server built: Aug 2 2013 08:02:18

We are subject to internal scans by Appscan and Tenable. It is a security requirement so I cannot just block them.

The scanners, of course, attempt to recurse the directory structure and find vulnerable files such as boot.ini, winnt.com and such.

This drives the PHP content management systems nuts.
Request comes in and is handled by php.
PHP checks the cache for that name and does not find it.
PHP generates a MySQL query and sends it.
MySQL tries and fails to satisfy the query.
MySQL returns result to php.
PHP writes a cache of the result and presents it to the web.

In other words, a whole lot of processor/memory.

The security scans typically look like this:

[Thu Aug 29 00:35:15 2013] [error] [client XXX.XXX.XXX.XXX] Invalid URI in request GET /../../../../../../../../../../../../etc/passwd HTTP/1.1
[Thu Aug 29 00:35:15 2013] [error] [client XXX.XXX.XXX.XXX] Invalid URI in request GET ../../../../../../../../../../../../etc/passwd HTTP/1.1
[Thu Aug 29 00:35:15 2013] [error] [client XXX.XXX.XXX.XXX] Invalid URI in request GET //../../../../../../../../../../../../etc/passwd HTTP/1.1
[Thu Aug 29 00:32:26 2013] [error] [client XXX.XXX.XXX.XXX] Invalid URI in request GET ....................windowswin.ini HTTP/1.1
[Thu Aug 29 00:32:26 2013] [error] [client XXX.XXX.XXX.XXX] Invalid URI in request GET ....................winntwin.ini HTTP/1.1

I have been able to improve performance, speed and security with mod_rewrite:

RewriteRule .*\.(dll|ini|exe|com)$ - [R=404,NC]

Now (Finally) the question.

I have not been able to create a rule for the directory recursion.

I want to R=404 anything that has a "../.." or "...." or ...." but I cannot get it to recognize the string correctly.

I believe that this would improve speed and security.

No Restrictions On IP Addresses Anymore

May 21, 2009

Having been away from the hosting field for a few years, returning back I notice some hosts are offering IPs with, for instance, personal basic plans. Some are even offering 15 IPs to anyone. And 350GB disk space and 1TB data transfer for $3.95, but that is another question. I wonder how they get butter on the bread with these prices.

As for IPs, how do these companies get their IPs? Are there no more ICANN restrictions?

Domain Restrictions For .co.uk Domains

Mar 17, 2008

Are there any restrictions on owning a .co.uk domain if one lives in the USA, or should I have my UK friend register it?

Any Hosting Without File Number Restrictions

Apr 21, 2009

Are there any hosting providers without file number limits? Or higher limits...

I've been using DreamHost, but found that they have a 500k file number limit. So now I'm using less than 2 gigs of disk and still have 370+ worthless free gigs of disk space.

Yahoo Server Restrictions On Upload

Sep 11, 2008

I'm using old .htm pages that work with PHP, which works on localhost, but upon upload to the Yahoo server I need to upload a revised .htaccess, which Yahoo restricts.

How can I get my .htm pages on Yahoo to work, or read PHP in them?

Are there other options that will work on Yahoo?

Restrictions On Windows 2003 Web Edition!

Apr 6, 2007

I'm getting a dedicated server and wanted to know what the differences are between Windows 2003 Web and Standard editions.

I want to run some ActiveX DLLs I have compiled on one of my websites that will be hosted on the dedicated server. Can I do this on the Web edition?

Free Management, Internet Relay Chat (IRC) Relaxed Restrictions

Oct 4, 2008

Can anyone direct me to a host that allows me to run an IRCd with IRC bots and bouncers?

The webspace should be 5 gigs or over and the bandwidth should be 20 gigs/m or over. Free management (like offered on Web Intellects) would be great as well.

I have a $40-50/m budget.

Plesk 11.x / Windows :: Migration - DNS Server Does Not Support Networks In Transfer Restrictions Template

Oct 18, 2013

I'm migrating from Plesk 9.5 to 11 and I'm getting the following on my Transfer Pre-Check from within the Migration Manager: "The destination DNS server does not support networks in the Transfer Restrictions Template, but some subscriptions have networks in DNS transfer restrictions. The records with network IP addresses in the DNS transfer restrictions will not be restored."

I've gone to Server, DNS Settings, Transfer Restriction Template and added the new server's IP to the list of allowed networks to no avail. I also couldn't find any documentation on what the cause might be.

How To Check Load Via Ssh And Check Files Causing Load

Jul 1, 2009

I would like to know how to check load via SSH and check which files are causing load.

I want the SSH commands for 2 different sets of control panels, one with cPanel+WHM and the other with Kloxo+HyperVM.

I would also like to know how to check the files causing the load; some files could have been interrupted while processing, so they could be causing load sometimes, and I want to stop such processes if any are running on the VPS on my friends' accounts.

Named In Chroot

Oct 12, 2009

It has been a long time since I set up named, and I need some help as I'm just not getting it this time around. I'm running named on CentOS under chroot.

IP space is 216.201.80.96/28
Gateway is 216.201.80.97
Netmask is 255.255.255.240
Usable IP space is 216.201.80.100-110

named.conf
---
key "rndckey" {
algorithm hmac-md5;
// secret is xx'ed out for this posting
secret "xxxxxxxxxxxxxx";
};

controls {
inet 127.0.0.1 allow { 127.0.0.1; } keys { "rndckey"; };
inet 216.201.80.101 allow { 216.201.80.101; } keys { "rndckey"; };
};

options {
directory "/var/named";
pid-file "/var/run/named/named.pid";

recursion yes;

allow-recursion {
127.0.0.1;
216.201.80.101;
};
listen-on {
127.0.0.1;
216.201.80.101;
};
query-source address * port 53;

version "REFUSED";

allow-query {
// default for every zone below unless a zone sets its own allow-query
127.0.0.1;
216.201.80.101;
};
};

server 216.201.80.101 {
keys { rndckey; };
};

zone "." IN {
type hint;
file "named.ca";
};

zone "cheapdatamining.com" IN {
type master;
file "data/cheapdatamining.com.zone";
allow-update { none; };
};

cheapdatamining.com.zone
--------------------------
$TTL 38400
@ IN SOA ns1.cheapdatamining.com. admin.cheapdatamining.com (
2008090335 ; Serial
10800 ; Refresh after 3 hours
3600 ; Retry after 1 hour
604800 ; Expire after 1 week
86400 ) ; Minimum TTL 1 day

cheapdatamining.com. IN NS ns1.cheapdatamining.com.
cheapdatamining.com. IN NS ns2.cheapdatamining.com.
ns1.cheapdatamining.com. IN A 216.201.80.101
ns2.cheapdatamining.com. IN A 216.201.80.102

resolv.conf on server.
--------------
search cheapdatamining.com
nameserver 216.201.80.101
nameserver 216.201.80.102

I've got the domain sitting at GoDaddy with ns1 and ns2 pointing to 216.201.80.101/102.

Everything looks good as far as I can see, local nslookup on the loopback is fine, and iptables are good.

Named Security

Jun 27, 2009

Is this the correct setup?

DNS Server 1:
allow-transfer { 127.0.0.1; Server2; };
allow-recursion { 127.0.0.1; Server2; };
recursion no;

DNS Server 2:
allow-transfer { 127.0.0.1; Server1; };
allow-recursion { 127.0.0.1; Server1; };
recursion no;

BOTH hosts file:
order bind,hosts
nospoof on
spoofalert on
multi on

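As an added example (not code from any of these posts, from csf, or from BIND), here is a small Python audit that covers what the csf warning in the first thread and the "Named Security" question above are about: it parses a named.conf, treats recursion as enabled unless set to no, and reports each client-serving scope (the options block, or each view) as open when no allow-recursion ACL and no non-"any" match-clients list limits who may recurse. The parser, the decision rule and the sample configurations are assumptions modelled on the configurations posted in these threads; it does not follow include files or model the allow-query-cache/allow-query fallback of newer BIND releases.

```python
import re

# Added example, not code from the forum posts, csf or BIND: audit a named.conf
# text and report, per client-serving scope, whether recursion is open to anyone.

def strip_comments(text):
    """Drop /* */, // and # comments; naive about '//' or '#' inside strings."""
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", " ", text)

def parse(text):
    """Nested (head, body) tuples: body is a list for '{ }' blocks, else None."""
    tokens = re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', strip_comments(text))
    root, head = [], []
    stack = [root]
    for tok in tokens:
        if tok == "{":
            node = (" ".join(head), [])
            stack[-1].append(node)
            stack.append(node[1])
            head = []
        elif tok == "}":
            stack.pop()
        elif tok == ";":
            if head:
                stack[-1].append((" ".join(head), None))
            head = []
        else:
            head.append(tok.strip('"'))
    return root

def setting(body, name):
    """Arguments of the first 'name ...' statement: ACL entries for a brace list,
    the argument words otherwise, None if the statement is absent."""
    for head, children in body:
        words = head.split()
        if words and words[0] == name:
            return [h for h, _ in children] if children is not None else words[1:]
    return None

def audit(text):
    """Map scope -> {'recursion', 'allow_recursion', 'match_clients', 'open'}.
    Open = recursion on (BIND's default when unset) and neither an allow-recursion
    ACL nor a match-clients list without 'any' limits who may recurse.  Assumption:
    mirrors the csf check; 'include' files and newer BIND's allow-query fallback
    are not modelled."""
    tree = parse(text)
    opts = next((b for h, b in tree if h == "options" and b), [])
    g_rec, g_allow = setting(opts, "recursion") or ["yes"], setting(opts, "allow-recursion")
    views = {h.split()[1]: b for h, b in tree if h.startswith("view ") and b}
    scopes = views or {"options": opts}  # with views, options only supplies defaults
    report = {}
    for name, body in scopes.items():
        rec = (setting(body, "recursion") or g_rec)[0].lower() == "yes"
        allow = setting(body, "allow-recursion") or g_allow
        clients = setting(body, "match-clients")
        limited = allow is not None or (clients is not None and "any" not in clients)
        report[name] = {"recursion": rec, "allow_recursion": allow,
                        "match_clients": clients, "open": rec and not limited}
    return report

# Constructed samples modelled on the posted configurations (not real files).
OPEN_CONF = 'options { directory "/var/named"; recursion yes; };'
RESTRICTED_CONF = 'acl "trusted" { 127.0.0.1; 216.201.80.101; }; options { recursion yes; allow-recursion { trusted; }; };'
VIEWS_CONF = """options { directory "/var/named"; };
view "localhost_resolver" { match-clients { 127.0.0.0/24; }; recursion yes; };
view "external" { match-clients { any; }; recursion no; };"""
```

Run audit() on the text of your own /etc/named.conf; only scopes reported with "open": True match the condition the csf warning describes.
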
Named Already Running

Jun 10, 2008

I keep getting this error when trying to start named, BIND 9.3.3 installed through yum (CentOS 5 x64).

# service named restart
Stopping named: [FAILED]
Starting named: named: already running [FAILED]

# ls /var/run/named
#

# ls /var/lock/subsys | grep named
#

I even uninstalled bind, restarted the system, and reinstalled and it is still giving me the same error.

There aren't any related errors in dmesg/messages and I couldn't find a named-related file in /var/log.

Named VPS Server

Oct 24, 2008

I got VMware installed on my dedicated server to create a VPS server.

Anyway, I got a VPS server installed with CentOS 5.

Then I installed cPanel on the VPS.

Afterward I set the IP and NS in the Name Server's IP section of cPanel.

Then I set the NS and IPs on my domain panel.

My NSes can be pinged but my domain cannot be pinged,

so I can't connect to cPanel.

Also I get more email notifications about:

1- Named yourdomain.com Failed

2- Native SSL yourdomain.com Failed

3- IP Check Problems With DNS Setup on yourdomain.com failed

I think named got damaged,

but I can't repair it.

Named/bind

Jun 6, 2008

Since this morning, I am unable to start named/BIND.

_Could_ it be a hardware problem, or does it have to be software-related?

Copyrights 2005-15 www.BigResource.com, All rights reserved