I'm getting this warning from check server security option in csf :
--------
You have a local DNS server running but do not have any recursion restrictions set in /etc/named.conf. This is a security and performance risk and you should look at restricting recursive lookups to the local IP addresses only
--------
I looked at named.conf, but in fact I didn't understand what I should do.
Can somebody tell me what I should do and what this warning is trying to tell me?
I have a dedicated server and I got a new one. My site is rock2host.com; on the domain name I made ns1, ns2, ns3 and ns4 point to the IPs of the new server, but the problem is that so far no account on my server is working, as I have a DNS error, but I do not know what the problem is with what I made.
DNS Functions
Adding an A entry for your hostname
Bind reloading on server using rndc zone: [rock2host.com]
Error reloading bind on server: rndc: get config key list: not found
DNS Functions
Cleanup Nameserver Config File
Fatal! named.conf fails named-checkconf, please repair named.conf and try again
options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
#key "rndc-key" {
#    algorithm hmac-md5;
#    secret "KLGSBmWZrev0I4fR4Tm4GXxdcYSTFzF23b1f9is1M=";
#};
#
# controls {
#     inet 127.0.0.1 port 953
#         allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf

Then I took a look at named.conf:

options {
    /* make named use port 53 for the source of all queries, to allow
     * firewalls to block all ports except 53: */
    //query-source port 53;
    /* We no longer enable this by default as the dns poison exploit has forced
     * many providers to open up their firewalls a bit */

    // Put files that named is allowed to write in the data/ directory:
    directory "/var/named"; // the default
    pid-file "/var/run/named/named.pid";
    dump-file "data/cache_dump.db";
    statistics-file "data/named_stats.txt";
    /* memstatistics-file "data/named_mem_stats.txt"; */
};

logging {
    /* If you want to enable debugging, eg. using the 'rndc trace' command,
     * named will try to write the 'named.run' file in the $directory (/var/named).
     * By default, SELinux policy does not allow named to modify the /var/named directory,
     * so put the default debug log file in data/ : */
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

// All BIND 9 zones are in a "view", which allow different zones to be served
// to different types of client addresses, and for options to be set for groups
// of zones.
//
// By default, if named.conf contains no "view" clauses, all zones are in the
// "default" view, which matches all clients.
//
// If named.conf contains any "view" clause, then all zones MUST be in a view;
// so it is recommended to start off using views to avoid having to restructure
// your configuration files in the future.

view "localhost_resolver" {
    /* This view sets up named to be a localhost resolver ( caching only nameserver ).
     * If all you want is a caching-only nameserver, then you need only define this view: */
    match-clients { 127.0.0.0/24; };
    match-destinations { localhost; };
    recursion yes;

    zone "." IN {
        type hint;
        file "/var/named/named.ca";
    };

    /* these are zones that contain definitions for all the localhost
     * names and addresses, as recommended in RFC1912 - these names should
     * ONLY be served to localhost clients: */
    include "/var/named/named.rfc1912.zones";
};
I'd like to add GeoDNS to BIND, so I need to modify named.conf. All that I will put into it is an include of an ACL file (for different IP ranges) and a new view for the existing domain.
My VPS uses cPanel. What is the best way to handle this, as named.conf can be modified by cPanel? I can modify the template in /scripts/rebuilddnsconfig, but I don't know how to add a new view.
There's only one site in my VPS. But I use a few subdomains in DNS (legacy issues). Only one db file in /var/named/
I have the following problem: when I try to restart the nameserver service I get the following error:

# service named restart
Stopping named: [ OK ]
Starting named:
Error in named configuration:
/etc/named.conf:87: unknown option 'e'
/etc/named.conf:120: unexpected end of input
[FAILED]

My named.conf is as follows:
options {
    /* make named use port 53 for the source of all queries, to allow
     * firewalls to block all ports except 53: */
    query-source port 53;

    // Put files that named is allowed to write in the data/ directory:
    directory "/var/named"; // the default
    dump-file "data/cache_dump.db";
    statistics-file "data/named_stats.txt";
    /* memstatistics-file "data/named_mem_stats.txt"; */
};

logging {
    /* If you want to enable debugging, eg. using the 'rndc trace' command,
     * named will try to write the 'named.run' file in the $directory (/var/named).
     * By default, SELinux policy does not allow named to modify the /var/named directory,
     * so put the default debug log file in data/ : */
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

// All BIND 9 zones are in a "view", which allow different zones to be served
// to different types of client addresses, and for options to be set for groups
// of zones.
//
// By default, if named.conf contains no "view" clauses, all zones are in the
// "default" view, which matches all clients.
//
// If named.conf contains any "view" clause, then all zones MUST be in a view;
// so it is recommended to start off using views to avoid having to restructure
// your configuration files in the future.

view "localhost_resolver" {
    /* This view sets up named to be a localhost resolver ( caching only nameserver ).
     * If all you want is a caching-only nameserver, then you need only define this view: */
    match-clients { 127.0.0.0/24; };
    match-destinations { localhost; };
    recursion yes;

    zone "." IN {
        type hint;
        file "/var/named/named.ca";
    };

    // include "/var/named/named.rfc1912.zones";
    // you should not serve your rfc1912 names to non-localhost clients.

    // These are your "authoritativ zone "smpl.splinteredmedia.net" { type master; file "/var/named/smpl.splinteredmedia.net.db"; };
    e" internal zones, and would probably
    // also be included in the "localhost_resolver" view above :
};

view "external" {
    /* This view will contain zones you want to serve only to "external" clients
     * that have addresses that are not on your directly attached LAN interface subnets: */

    recursion no;
    // you'd probably want to deny recursion to external clients, so you don't
    // end up providing free DNS service to all takers

    // all views must contain the root hints zone:
    zone "." IN {
        type hint;
        file "/var/named/named.ca";
    };

    // These are your "authoritative" external zones, and would probably
    // contain entries for just your web and mail servers:

    // BEGIN external zone entries
};

z zone "smpl.splinteredmedia.net" { type master; file "/var/named/smpl.splinteredmedia.net.db"; };
I had installed cPanel on CentOS 5 on a VPS. cPanel is running correctly, but named is not working! I try to restart named but it says:

root@server [/etc]# service named restart
Stopping named: [ OK ]
Starting named:
Error in named configuration:
none:0: open: /etc/named.conf: file not found
[FAILED]
After the cPanel update to the latest release version, I have an issue with named.conf. I tried to rebuild named, but:

/scripts/rebuilddnsconfig
fixrndc requires a syntactically correct /etc/named.conf. No changes were made to /etc/named.conf.
Problem was:
/etc/named.conf:23: when using 'view' statements, all zones must be in views

Can anyone explain to me what "/etc/named.conf:23: when using 'view' statements, all zones must be in views" means?
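The three named.conf complaints in the posts above (the CSF warning about unrestricted recursion, the "unknown option 'e'" / "unexpected end of input" pair after a zone statement landed inside a comment, and "all zones must be in views") all come down to how named tokenizes the file. The following is an added example, not ISC code, not CSF's own test and no substitute for named-checkconf: a small Python tokenizer and linter that approximates those three checks and runs them over constructed samples. The ACL name "trusted", the example.test zone, the file names and the address ranges in the samples are assumptions.

```python
"""Minimal named.conf linter (added example, not ISC's named-checkconf): tokenizes
BIND's C-like syntax, then reports malformed input, zones outside views, and
recursion that is not restricted, over constructed samples."""
import re

TOP_LEVEL = {"options", "logging", "view", "zone", "acl", "key", "controls", "include",
             "server", "trusted-keys", "managed-keys", "masters", "primaries",
             "statistics-channels", "trust-anchors"}

TOKEN = re.compile(r'(?P<ws>\s+)|(?P<comment>//[^\n]*|#[^\n]*|/\*.*?\*/)|"(?P<string>[^"]*)"'
                   r'|(?P<punct>[{};])|(?P<word>[^\s{};"]+)|(?P<bad>.)', re.S)


def tokenize(text):
    """Yield (kind, value, line); //, # and /* */ comments are skipped as named does."""
    line = 1
    for m in TOKEN.finditer(text):
        kind = m.lastgroup
        if kind == "bad":                                   # a '"' with no closing quote
            raise SyntaxError("line %d: unterminated string or comment" % line)
        if kind not in ("ws", "comment"):
            yield kind, m.group(kind), line
        line += m.group(0).count("\n")


def parse_block(tokens, depth=0):
    """Recursive descent over one brace level: [(words, children or None, line)]."""
    stmts, words, kids, first = [], [], None, 0
    for kind, val, line in tokens:
        if kind == "punct" and val == "{":
            kids = parse_block(tokens, depth + 1)
        elif kind == "punct" and val == "}":
            if depth == 0:
                raise SyntaxError("line %d: unexpected '}'" % line)
            return stmts
        elif kind == "punct":                               # ';' ends a statement
            if words:
                stmts.append((words, kids, first))
            words, kids = [], None
        else:
            first = line if not words else first
            words.append(val)
    if depth:
        raise SyntaxError("unexpected end of input")
    return stmts


def recursion_restricted(stmts):
    """True when options, or every view, says 'recursion no' or carries an
    allow-recursion list narrower than 'any'."""
    def restricted(block):
        for words, kids, _ in block:
            if words[:2] == ["recursion", "no"]:
                return True
            if words[0] == "allow-recursion" and kids is not None:
                return not any(w[0] == "any" for w, _, _ in kids)
        return False
    options = [k for w, k, _ in stmts if w[0] == "options" and k]
    views = [k for w, k, _ in stmts if w[0] == "view" and k]
    return any(map(restricted, options)) or (bool(views) and all(map(restricted, views)))


def lint(text):
    """Return problems in roughly named's wording; [] means the file looks sane."""
    try:
        stmts = parse_block(tokenize(text))
    except SyntaxError as err:
        return [str(err)]
    problems, has_views = [], any(w[0] == "view" for w, _, _ in stmts)
    for words, _, line in stmts:
        if words[0] not in TOP_LEVEL:
            problems.append("line %d: unknown option '%s'" % (line, words[0]))
        elif words[0] == "zone" and has_views:
            problems.append("line %d: when using 'view' statements, all zones must be in views" % line)
    if not recursion_restricted(stmts):
        problems.append("recursion is not restricted: add 'recursion no;' or an allow-recursion ACL")
    return problems


# Constructed samples modelled on the configs quoted above (not the posters' files).
OPEN = '''
options { directory "/var/named"; recursion yes; };   // recurses for anyone: the CSF warning
zone "example.test" { type master; file "example.test.db"; };
'''
HARDENED = '''
acl "trusted" { 127.0.0.0/8; ::1; 216.201.80.96/28; };   // assumed: your own hosts only
options {
    directory "/var/named";
    recursion yes;
    allow-recursion { trusted; };      // recursive lookups for trusted clients only
    allow-query-cache { trusted; };    // and reads of the cache likewise
};
zone "example.test" { type master; file "example.test.db"; };
'''
ZONE_OUTSIDE_VIEW = '''
view "external" { recursion no; zone "." IN { type hint; file "/var/named/named.ca"; }; };
zone "example.test" { type master; file "example.test.db"; };
'''
COMMENT_SPLIT = '''
view "internal" {
    recursion no;
    // These are your "authoritativ zone "example.test" { type master; file "x.db"; };
    e" internal zones, and would probably
};
'''
```

lint(OPEN) reports the recursion problem, lint(HARDENED) returns an empty list, lint(ZONE_OUTSIDE_VIEW) reproduces the "all zones must be in views" message, and lint(COMMENT_SPLIT) fails on the stray quote, which is the same place named gives up: once the comment line swallows the zone statement, the `e"` that follows opens a string that never closes.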
I see some errors about lame servers in the messages log, and I noticed that they look like addresses of ISP surfer domains, because I noticed the domain of my ISP also listed as a lame name server. Here is an example:

Nov 24 03:46:55 available9 named[7562]: lame server resolving '247.100.51.72.in-addr.arpa' (in '100.51.72.in-addr.arpa'?): 205.214.192.202#53
Nov 24 03:46:55 available9 named[7562]: lame server resolving '247.100.51.72.in-addr.arpa' (in '100.51.72.in-addr.arpa'?): 205.214.192.201#53
Nov 24 03:46:56 available9 named[7562]: lame server resolving '247.100.51.72.in-addr.arpa' (in '100.51.72.in-addr.arpa'?): 205.214.192.202#53
Nov 24 03:46:56 available9 named[7562]: lame server resolving '247.100.51.72.in-addr.arpa' (in '100.51.72.in-addr.arpa'?): 205.214.192.201#53
Nov 24 07:19:51 available9 named[7562]: FORMERR resolving 'ducksimilar.com/NS/IN': 203.93.208.87#53
Nov 24 07:19:51 available9 named[7562]: FORMERR resolving 'ducksimilar.com/NS/IN': 91.208.228.150#53
Nov 24 07:19:52 available9 named[7562]: FORMERR resolving 'host1.experienceexcept.com/AAAA/IN': 203.93.208.87#53
Nov 24 07:19:52 available9 named[7562]: FORMERR resolving 'host2.experienceexcept.com/AAAA/IN': 203.93.208.87#53
Nov 24 07:19:52 available9 named[7562]: FORMERR resolving 'host1.experienceexcept.com/AAAA/IN': 91.208.228.150#53
Nov 24 07:19:52 available9 named[7562]: FORMERR resolving 'host2.experienceexcept.com/AAAA/IN': 91.208.228.150#53
Nov 24 07:19:52 available9 named[7562]: FORMERR resolving 'host1.experienceexcept.com/AAAA/IN': 203.93.208.87#53
Nov 24 07:19:52 available9 named[7562]: FORMERR resolving 'host2.experienceexcept.com/AAAA/IN': 203.93.208.87#53
Nov 24 07:19:52 available9 named[7562]: FORMERR resolving 'host1.experienceexcept.com/AAAA/IN': 91.208.228.150#53
Nov 24 07:19:52 available9 named[7562]: FORMERR resolving 'host2.experienceexcept.com/AAAA/IN': 91.208.228.150#53
I have a number of WordPress, Drupal, Wiki sites running under RHEL6.
Apache version:
httpd -v
Server version: Apache/2.2.15 (Unix)
Server built: Aug 2 2013 08:02:18
We are subject to internal scans by Appscan and Tenable. It is a security requirement so I cannot just block them.
The scanners, of course, attempt to recurse the directory structure and find vulnerable files such as boot.ini, winnt.com and such.
This drives the PHP content management systems nuts. A request comes in and is handled by PHP. PHP checks the cache for that name and does not find it. PHP generates a MySQL query and sends it. MySQL tries and fails to satisfy the query. MySQL returns the result to PHP. PHP writes a cache of the result and presents it to the web.
In other words, a whole lot of processor/memory.
The security scans typically look like this:

[Thu Aug 29 00:35:15 2013] [error] [client XXX.XXX.XXX.XXX] Invalid URI in request GET /../../../../../../../../../../../../etc/passwd HTTP/1.1
[Thu Aug 29 00:35:15 2013] [error] [client XXX.XXX.XXX.XXX] Invalid URI in request GET ../../../../../../../../../../../../etc/passwd HTTP/1.1
[Thu Aug 29 00:35:15 2013] [error] [client XXX.XXX.XXX.XXX] Invalid URI in request GET //../../../../../../../../../../../../etc/passwd HTTP/1.1
[Thu Aug 29 00:32:26 2013] [error] [client XXX.XXX.XXX.XXX] Invalid URI in request GET ....................windowswin.ini HTTP/1.1
[Thu Aug 29 00:32:26 2013] [error] [client XXX.XXX.XXX.XXX] Invalid URI in request GET ....................winntwin.ini HTTP/1.1

I have been able to improve performance, speed and security with mod_rewrite:

RewriteRule .*\.(dll|ini|exe|com)$ - [R=404,NC]
Now (Finally) the question.
I have not been able to create a rule for the directory recursion.
I want to R=404 anything that has "../.." or "...." or ...." in it, but I cannot get it to recognize the string correctly.
I believe that this would improve speed and security.
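One way to express the rule the post above is after, as an added example that is not the poster's configuration: by the time a per-server RewriteRule runs, Apache has already collapsed the "../" segments out of the URL path, so the literal traversal is matched in a RewriteCond against %{THE_REQUEST}, the request line as received. The Python below keeps the assumed Apache snippet as a string for reference and runs the same two regexes over constructed error-log lines shaped like the ones quoted above; the client address 203.0.113.9 is a documentation-range placeholder.

```python
"""Added example (not the poster's config): the mod_rewrite rules kept in
APACHE_SNIPPET, and the same regexes applied in Python to constructed log lines."""
import re

# Assumed to sit in the server or virtual-host config with mod_rewrite enabled.
APACHE_SNIPPET = r"""
RewriteEngine On
# Match the raw request line: by the time RewriteRule sees the URL path,
# Apache has already collapsed the "../" segments out of it.
RewriteCond %{THE_REQUEST} (\.\./|\.{4,}) [NC,OR]
RewriteCond %{THE_REQUEST} \.(dll|ini|exe|com)(\s|\?|$) [NC]
RewriteRule ^ - [R=404,L]
"""

TRAVERSAL = re.compile(r"\.\./|\.{4,}", re.I)                      # "../" or four-plus dots
WINDOWS_FILE = re.compile(r"\.(dll|ini|exe|com)(\s|\?|$)", re.I)  # boot.ini, cmd.exe, ...
REQUEST_LINE = re.compile(r"Invalid URI in request (\S+ \S+ \S+)")


def is_scanner_probe(request_line):
    """True when a raw request line carries a traversal or Windows-file probe."""
    return bool(TRAVERSAL.search(request_line) or WINDOWS_FILE.search(request_line))


def probes_in_log(error_log):
    """Request lines from 'Invalid URI' entries that the rules above would answer with 404."""
    return [m.group(1) for m in REQUEST_LINE.finditer(error_log)
            if is_scanner_probe(m.group(1))]


# Constructed error-log lines in the shape of the ones quoted above; 203.0.113.9 is a
# documentation-range placeholder for the scanner's address.
SAMPLE_LOG = """\
[Thu Aug 29 00:35:15 2013] [error] [client 203.0.113.9] Invalid URI in request GET /../../../../../../etc/passwd HTTP/1.1
[Thu Aug 29 00:35:15 2013] [error] [client 203.0.113.9] Invalid URI in request GET ../../../../../../etc/passwd HTTP/1.1
[Thu Aug 29 00:32:26 2013] [error] [client 203.0.113.9] Invalid URI in request GET ....................windowswin.ini HTTP/1.1
[Thu Aug 29 00:40:01 2013] [error] [client 203.0.113.9] File does not exist: /var/www/html/favicon.ico
"""
```

The extension test requires the suffix to be followed by whitespace, "?" or the end of the line, so a path such as /files/acme.com/index.html is not caught by it; a hostname inside a query string still would be, which is the trade-off of matching the whole request line.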
Having been away from the hosting field for a few years and now returning, I notice some hosts are offering IPs with, for instance, personal basic plans. Some are even offering 15 IPs to anyone. And 350GB disk space and 1TB data transfer for $3.95, but that is another question. I wonder how they get butter on the bread with these prices.
As for IPs, how do these companies get their IPs? Are there no more ICANN restrictions?
Are there any hosting providers without file number limits? Or with higher limits...
I've been using DreamHost, but found that they have a 500k file number limit. So now I'm using less than 2 gigs of disk and still have 370+ worthless free gigs of disk space.
I'm using old .htm pages that work with PHP, which works on localhost, but upon upload to the Yahoo server I need to upload a revised .htaccess, which Yahoo restricts.
How can I make my .htm pages on Yahoo work, or read PHP in them?
Can anyone direct me to a host that allows me to run an IRCd with IRC bots and bouncers?
The webspace should be 5 gigs or over and the bandwidth should be 20 gigs/month or over. Free management (like offered on Web Intellects) would be great as well.
I'm migrating from Plesk 9.5 to 11 and I'm getting the following on my Transfer Pre-Check from within the Migration Manager: "The destination DNS server does not support networks in the Transfer Restrictions Template, but some subscriptions have networks in DNS transfer restrictions. The records with network IP addresses in the DNS transfer restrictions will not be restored."
I've gone to Server, DNS Settings, Transfer Restriction Template and added the new server's IP to the list of allowed networks to no avail. I also couldn't find any documentation on what the cause might be.
I would like to know how to check load via SSH and check the files causing load.
I want the SSH commands for 2 different sets of control panels, one with cPanel+WHM and the other with Kloxo+HyperVM,
and I would also like to know how to check the files causing the load, since some files could have been interrupted while processing, so they could be causing load sometimes, so I want to stop such processes if any are running on the VPS on my friends' accounts.
It has been a long time since I setup named, and I need some help as I'm just not getting it this time around. I'm running named on CentOS under Chroot
IP space is: 216.201.80.96/28
Gateway is 216.201.80.97
Netmask is 255.255.255.240
Usable IP space is 216.201.80.100 - 110
named.conf
---
key "rndckey" {
    algorithm hmac-md5;
    // secret is xx'ed out for this posting
    secret "xxxxxxxxxxxxxx";
};

zone "cheapdatamining.com" IN {
    type master;
    file "data/cheapdatamining.com.zone";
    allow-update { none; };
};

cheapdatamining.com.zone
--------------------------
$TTL 38400
; trailing dot added to the RNAME: without it named treats the name as relative to the zone
@   IN  SOA ns1.cheapdatamining.com. admin.cheapdatamining.com. (
            2008090335  ; Serial
            10800       ; Refresh after 3 hours
            3600        ; Retry after 1 hour
            604800      ; Expire after 1 week
            86400 )     ; Minimum TTL 1 day

cheapdatamining.com.        IN  NS  ns1.cheapdatamining.com.
cheapdatamining.com.        IN  NS  ns2.cheapdatamining.com.
ns1.cheapdatamining.com.    IN  A   216.201.80.101
ns2.cheapdatamining.com.    IN  A   216.201.80.102

resolv.conf on server.
--------------
search cheapdatamining.com
nameserver 216.201.80.101
nameserver 216.201.80.102
Got the domain sitting at godaddy with ns1 and ns2 pointing to 216.201.80.101/102
Everything looks good as far as I can see, local nslookup on the loopback is fine, and iptables are good.
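A check worth running on a hand-written zone like the one above, as an added example that is neither the poster's files nor BIND's named-checkzone: it parses a master-file zone and reports SOA names without a trailing dot (BIND treats such a name as relative to the zone, so admin.example.test silently becomes admin.example.test.example.test.) and in-zone NS names that have no A/AAAA record. The example.test zone, its serial and its addresses are constructed.

```python
"""Added example (not the poster's files, not BIND's named-checkzone): parse a
master-file zone and flag relative SOA names and in-zone NS names without an address."""
import re


def parse_zone(text, origin):
    """Return [(owner, rrtype, rdata_fields)]; handles $TTL, '@', ';' comments,
    '( ... )' continuation and blank-owner lines. Names stay as written."""
    text = re.sub(r";[^\n]*", "", text)                                   # drop comments
    text = re.sub(r"\(([^)]*)\)", lambda m: m.group(1).replace("\n", " "), text)  # join ( ... )
    records, owner = [], origin
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("$"):                        # blank or $TTL/$ORIGIN
            continue
        fields = raw.split()
        if not raw[0].isspace():                                          # explicit owner name
            owner = origin if fields[0] == "@" else fields[0]
            fields = fields[1:]
        if fields and fields[0].isdigit():                                # optional TTL
            fields = fields[1:]
        if fields and fields[0].upper() == "IN":                          # optional class
            fields = fields[1:]
        if fields:
            records.append((owner, fields[0].upper(), fields[1:]))
    return records


def absolute(name, origin):
    """What BIND does with a name lacking a trailing dot: append the origin."""
    return name if name.endswith(".") else name + "." + origin


def check_zone(text, origin):
    """Return human-readable problems; [] means the checks pass."""
    origin = origin if origin.endswith(".") else origin + "."
    records = parse_zone(text, origin)
    problems = []
    addressed = {absolute(o, origin).lower() for o, t, _ in records if t in ("A", "AAAA")}
    for owner, rrtype, rdata in records:
        if rrtype == "SOA":
            for label, name in zip(("MNAME", "RNAME"), rdata[:2]):
                if not name.endswith("."):
                    problems.append("SOA %s '%s' is relative and becomes %s"
                                    % (label, name, absolute(name, origin)))
        elif rrtype == "NS" and rdata:
            target = absolute(rdata[0], origin).lower()
            if target.endswith("." + origin) and target not in addressed:
                problems.append("NS %s has no A/AAAA record in the zone" % target)
    if sum(1 for r in records if r[1] == "SOA") != 1:
        problems.append("expected exactly one SOA record")
    return problems


# Constructed zone modelled on the one quoted above (example.test, assumed addresses);
# the RNAME lacks its trailing dot, the mistake the check is meant to catch.
AS_WRITTEN = """\
$TTL 38400
@   IN  SOA ns1.example.test. admin.example.test (
            2008090335  ; Serial
            10800       ; Refresh after 3 hours
            3600        ; Retry after 1 hour
            604800      ; Expire after 1 week
            86400 )     ; Minimum TTL 1 day
    IN  NS  ns1.example.test.
    IN  NS  ns2.example.test.
ns1 IN  A   216.201.80.101
ns2 IN  A   216.201.80.102
"""
FIXED = AS_WRITTEN.replace("admin.example.test (", "admin.example.test. (")
```

check_zone(AS_WRITTEN, "example.test") returns the single RNAME complaint and check_zone(FIXED, "example.test") returns nothing; removing the ns2 address line from FIXED makes the NS check fire instead, which is the glue problem a registrar-side "ns1/ns2 point to these addresses" setup does not catch on its own.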