Thread: DNS Server

  1. #1
    Join Date
    Mar 2005
    Posts
    540

    * DNS Server

    Hello

    What is the problem with the below error when getting the dnsreport for an account?

    All the accounts on my server show the same error in their reportDNS!

    ---------
    Open DNS servers Fail

    ERROR: One or more of your nameservers reports that it is an open DNS server. This usually means that anyone in the world can query it for domains it is not authoritative for (it is possible that the DNS server advertises that it does recursive lookups when it does not, but that shouldn't happen). This can cause an excessive load on your DNS server. Also, it is strongly discouraged to have a DNS server be both authoritative for your domain and be recursive (even if it is not open), due to the potential for cache poisoning (with no recursion, there is no cache, and it is impossible to poison it). Also, the bad guys could use your DNS server as part of an attack, by forging their IP address. Problem record(s) are:

    Server xxx.xxx.xx.xxx reports that it will do recursive lookups. [test]
    Server xxx.xxx.xx.xxx reports that it will do recursive lookups. [test]


    See this page for info on closing open DNS servers.

    -------

    Thanks

  2. #2
    Join Date
    Oct 2004
    Location
    Kerala, India
    Posts
    4,771
    You must turn on recursive lookup in the DNS server to pass this test.

    recursion no;
    allow-recursion { ADD_LIST_OF_YOUR_IP_RANGES_HERE; };

  3. #3
    As I understand it, you do NOT want the DNS server to be able to do recursive lookups, hence the warning... See this thread for more info:
    http://www.webmasterworld.com/forum23/4545.htm

    I have the exact same problem as the original poster. Where can we get some answers to this issue?

    Better yet, are commercial DNS servers the preferred solution?

    Thanks.

  4. #4
    Join Date
    Apr 2006
    Location
    Hampshire, UK
    Posts
    15
    You need to log in via SSH, edit the '/etc/named.conf' file and, under the line below:

    Code:
    // query-source address * port 53;
    Add

    Code:
    recursion no;
    And then save the file and restart named.

    Sorted!
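
To confirm the change took effect, the check behind the report's "reports that it will do recursive lookups" line can be reproduced by looking at the RA (recursion available) bit in the DNS response header. The following is an added example, not code from the thread or from the report tool; the function names and the sample header bytes are constructed for illustration, and `check_server` is meant to be run from a host outside your own IP ranges against a name the server is not authoritative for.

```python
import socket
import struct

RD = 0x0100  # recursion desired (set by the client)
RA = 0x0080  # recursion available (set by the server)
QUERY_ID = 0x1234  # fixed ID, fine for a one-off diagnostic

def build_query(name, qid=QUERY_ID, qtype=1):
    """Build a DNS query for `name` (type A by default) with RD set."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Return the header fields the check needs from a DNS response."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "qr": bool(flags & 0x8000), "ra": bool(flags & RA),
            "rcode": flags & 0x000F, "answers": an}

def classify(msg, qid=QUERY_ID):
    """Classify a response to a query for a zone the server does not host."""
    h = parse_header(msg)
    if not h["qr"] or h["id"] != qid:
        return "invalid"
    if h["ra"] and h["rcode"] == 0 and h["answers"] > 0:
        return "open-recursive"        # it resolved a foreign name for us
    if h["ra"]:
        return "advertises-recursion"  # RA set, lookup not completed
    return "closed"                    # e.g. REFUSED or a referral, RA clear

def check_server(ip, foreign_name, timeout=3.0):
    """Send one UDP query to `ip` and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(foreign_name), (ip, 53))
        reply, _ = s.recvfrom(4096)
    return classify(reply)

# Constructed sample headers (not captured traffic):
SAMPLE_OPEN = struct.pack("!HHHHHH", QUERY_ID, 0x8180, 1, 1, 0, 0)     # RA=1, NOERROR
SAMPLE_REFUSED = struct.pack("!HHHHHH", QUERY_ID, 0x8105, 1, 0, 0, 0)  # RA=0, REFUSED
```

A result of "closed" from an outside host is what the report expects; if `allow-recursion` is used instead of `recursion no;`, the same check run from inside the allowed ranges should still resolve.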
