#1  
Old 6th March 2006, 23:42
jeanjacquesjeanjacques jeanjacquesjeanjacques is offline
Member
 
Join Date: Nov 2005
Posts: 60
Thanks: 0
Thanked 0 Times in 0 Posts
Unhappy Open DNS server

Hello,

I'm a bit terrorized because i've just made a dns report on one of the domains hosted on my dns server and i received this warning: ERROR: One or more of your nameservers reports that it is an open DNS server. This usually means that anyone in the world can query it for domains it is not authoritative for (it is possible that the DNS server advertises that it does recursive lookups when it does not, but that shouldn't happen). This can cause an excessive load on your DNS server. Also, it is strongly discouraged to have a DNS server be both authoritative for your domain and be recursive (even if it is not open), due to the potential for cache poisoning (with no recursion, there is no cache, and it is impossible to poison it). Also, the bad guys could use your DNS server as part of an attack, by forging their IP address. Problem record(s) are:

Server xxx.xxx.xxx.xxx reports that it will do recursive lookups.

I understand that this is really bad but i really don't know how to debug and arrange this situation ?
Does it mean that my server had been hacked ?

Thank you for helping me.
Reply With Quote
Sponsored Links
  #2  
Old 7th March 2006, 01:07
lerra lerra is offline
Member
 
Join Date: Jan 2006
Posts: 77
Thanks: 0
Thanked 0 Times in 0 Posts
Default

This means that your dns server is an openresolver and coud have been in use of a ddos attack against others by sending spoofed querys to u and your server woud send them to the attacker.

add this

allow-recursion {
localhost;
};

in the option part in named.conf
Reply With Quote
  #3  
Old 7th March 2006, 07:41
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,421
Thanks: 812
Thanked 5,205 Times in 4,081 Posts
Default

Please add this line to /root/ispconfig/isp/conf/named.conf.master too, otherwise ISPConfig will remove the lines from your named.conf when you save the next DNS records.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #4  
Old 7th March 2006, 09:51
jeanjacquesjeanjacques jeanjacquesjeanjacques is offline
Member
 
Join Date: Nov 2005
Posts: 60
Thanks: 0
Thanked 0 Times in 0 Posts
Default Many thanks

Hello,

Thank you very much for your help, it's ok now.
I would like to know if the cause of this open dns could be because of an error in creating the dns records of a new website hosted on my server ?
What kind of tools could i use to make an efficient rootkit detection on my debian server `? i've already used chkrootkit but i have the feeling that it's not enough, any advice ?
Reply With Quote
  #5  
Old 7th March 2006, 10:04
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,721 Times in 2,562 Posts
Default

Quote:
Originally Posted by jeanjacquesjeanjacques
I would like to know if the cause of this open dns could be because of an error in creating the dns records of a new website hosted on my server ?
No, no error, it was simply because you didn't have those lines in your named.conf.

Quote:
Originally Posted by jeanjacquesjeanjacques
What kind of tools could i use to make an efficient rootkit detection on my debian server `? i've already used chkrootkit but i have the feeling that it's not enough, any advice ?
Take a look here:
http://www.howtoforge.com/faq/1_38_en.html
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #6  
Old 8th March 2006, 00:32
hairydog2 hairydog2 is offline
Senior Member
 
Join Date: Oct 2005
Posts: 196
Thanks: 9
Thanked 2 Times in 2 Posts
Default

Quote:
Originally Posted by jeanjacquesjeanjacques
Does it mean that my server had been hacked ?
I don't think that this is from your server being hacked.

As far as I know, it is how ISPConfig always set up, but www.dnsreport.com has started to report on open DNS servers.

I may be wrong, but I don't think it is much to worry about. Just add the line to fix it.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Statistic not working mzo Installation/Configuration 49 20th April 2011 12:19
server blocked/stopped by host Ovidiu Technical 11 14th February 2006 10:50
open ports rayit General 6 18th January 2006 14:23
Email - Ueb-Miau mazhar Installation/Configuration 5 21st December 2005 10:01
The Perfect Setup Suse 9.3 - Postfix problems new_bee05 HOWTO-Related Questions 20 25th November 2005 02:30


All times are GMT +2. The time now is 07:51.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.