Thread: DNS Server
-
04-11-2006, 02:13 AM #1 Web Hosting Evangelist
- Join Date
- Mar 2005
- Posts
- 540
DNS Server
Hello
What is the problem with the below error when getting the dnsreport for an account?
All the accounts on my server show the same error in their DNS report!
---------
Open DNS servers Fail
ERROR: One or more of your nameservers reports that it is an open DNS server. This usually means that anyone in the world can query it for domains it is not authoritative for (it is possible that the DNS server advertises that it does recursive lookups when it does not, but that shouldn't happen). This can cause an excessive load on your DNS server. Also, it is strongly discouraged to have a DNS server be both authoritative for your domain and be recursive (even if it is not open), due to the potential for cache poisoning (with no recursion, there is no cache, and it is impossible to poison it). Also, the bad guys could use your DNS server as part of an attack, by forging their IP address. Problem record(s) are:
Server xxx.xxx.xx.xxx reports that it will do recursive lookups. [test]
Server xxx.xxx.xx.xxx reports that it will do recursive lookups. [test]
See this page for info on closing open DNS servers.
-------
Thanks
-
04-11-2006, 02:34 AM #2 Web Hosting Master
- Join Date
- Oct 2004
- Location
- Kerala, India
- Posts
- 4,771
You must turn on recursive lookup in the DNS server to pass this test.
recursion no;
allow-recursion { ADD_LIST_OF_YOUR_IP_RANGES_HERE; };
-
04-11-2006, 05:49 PM #3 Newbie
- Join Date
- Apr 2002
- Posts
- 23
As I understand it, you do NOT want the DNS server to be able to do recursive lookups, hence the warning... See this thread for more info:
http://www.webmasterworld.com/forum23/4545.htm
I have the exact same problem as the original poster; where can we get some answers to this issue?
Better yet, are commercial DNS servers the preferred solution?
Thanks.
-
04-11-2006, 06:00 PM #4 Newbie
- Join Date
- Apr 2006
- Location
- Hampshire, UK
- Posts
- 15
You need to log in via SSH, edit the '/etc/named.conf' file and under the below line;
Code: // query-source address * port 53;
Code: recursion no;
Sorted!
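The report line "reports that it will do recursive lookups" corresponds to the RA (recursion available) bit in the DNS reply header, so the effect of `recursion no;` can be checked by reading that bit. The following is an added example, not part of the thread or of the dnsreport tool; the function names, the three result labels, the sample replies and the use of `example.com` as a name the server is not authoritative for are assumptions.

```python
import socket
import struct

QR = 0x8000  # message is a response
RD = 0x0100  # recursion desired (set by the client)
RA = 0x0080  # recursion available (set by the server)

def build_query(name, qid=0x1234):
    """Build a DNS A/IN query for `name` with the RD bit set."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def classify(response):
    """Classify a raw reply to a query for a name the server does not host."""
    if len(response) < 12:
        raise ValueError("short DNS header")
    _qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if not flags & QR:
        raise ValueError("not a DNS response")
    if not flags & RA:
        return "closed"                 # what `recursion no;` should produce
    if (flags & 0x000F) == 0 and ancount > 0:
        return "open-recursive"         # RA set and the lookup was actually done
    return "advertises-recursion"       # RA set, but the query was not answered

def probe(server, name="example.com", timeout=3.0):
    """Query your own nameserver over UDP from an outside host and classify it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return classify(s.recv(512))

def sample_reply(flags, ancount):
    """Constructed reply header for offline demonstration."""
    return struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0)

# Constructed samples: QR|RD|RA with one answer, and QR|RD with rcode REFUSED.
SAMPLES = {
    "before fix": sample_reply(0x8180, 1),
    "after fix": sample_reply(0x8105, 0),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", classify(raw))
```

Run `probe()` from a host outside any range listed in `allow-recursion`, after reloading named, so the result reflects what the rest of the world sees.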