  #1  
Old 2nd April 2007, 21:07
larwilliams larwilliams is offline
Junior Member
 
Join Date: Apr 2007
Posts: 29
Thanks: 0
Thanked 3 Times in 2 Posts
Default ISPConfig named.conf improvement

I would have posted this in the Developers forum, but I don't have the ability to post there. I have opened a bug report in the tracker for disabling BIND recursion (so your DNS servers won't advertise themselves as being Open).

http://sourceforge.net/tracker/index...27&atid=746125
Reply With Quote
  #2  
Old 2nd April 2007, 22:01
edge edge is offline
Moderator
 
Join Date: Dec 2005
Location: The Netherlands
Posts: 2,033
Thanks: 260
Thanked 145 Times in 127 Posts
Default

Add the following to the /root/ispconfig/isp/conf/named.conf.master
You will need to add it WITHIN the options { } part
Code:
    allow-recursion {
        localhost;
    };
The end result should look like this

Code:
    options {
        pid-file "/var/run/bind/run/named.pid";
        directory "{BINDDIR}";
        auth-nxdomain no;

        allow-recursion {
            localhost;
        };
    };
After doing this, make a small change to a DNS within ISPconfig to make it read the new settings.
__________________
Never execute code written on a Friday or a Monday.
Reply With Quote
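To confirm the template change described in the post above took effect, the options block can be audited offline. This is an added example, not code from the thread or from ISPConfig; the function names and the two sample templates are constructed for illustration, and a missing allow-recursion is treated as open because that is the default the thread describes (BIND's built-in default differs between versions, so check yours).

```python
import re

# Constructed samples: the options block from the post above, before and after the change.
BEFORE = '''options {
    pid-file "/var/run/bind/run/named.pid";
    directory "{BINDDIR}";
    auth-nxdomain no;
};'''
AFTER = BEFORE.replace("auth-nxdomain no;",
                       "auth-nxdomain no;\n    allow-recursion {\n        localhost;\n    };")

def strip_comments(text):
    """Drop /* */, // and # comments (simplification: ignores quoted strings)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def block_body(text, keyword):
    """Return the text inside `keyword { ... }`, honouring nested braces."""
    m = re.search(r"(?<![-\w])%s\s*\{" % re.escape(keyword), text)
    if not m:
        return None
    depth = 1
    for i in range(m.end(), len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[m.end():i]
    return None  # unbalanced braces

def recursion_policy(conf_text):
    """Classify the options block as 'disabled', 'restricted' or 'open'."""
    opts = block_body(strip_comments(conf_text), "options")
    if opts is None:
        return "open"  # assumption: no options block, nothing limits recursion
    m = re.search(r"(?<![-\w])recursion\s+(\w+)\s*;", opts)
    if m and m.group(1).lower() in ("no", "false", "0"):
        return "disabled"
    acl = block_body(opts, "allow-recursion")
    if acl is None:
        return "open"  # assumption: treated as open, as the thread describes
    entries = {e.strip() for e in acl.split(";") if e.strip()}
    return "open" if entries & {"any", "0.0.0.0/0", "::/0"} else "restricted"

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER)):
        print(name, recursion_policy(conf))
```

Run it against the generated named.conf as well as the template, since ISPConfig only rewrites the live file after a DNS change.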
  #3  
Old 2nd April 2007, 22:28
larwilliams larwilliams is offline
Junior Member
 
Join Date: Apr 2007
Posts: 29
Thanks: 0
Thanked 3 Times in 2 Posts
Default

My concern is that this poor default setup for BIND leaves ISPConfig-managed servers more open to cache poisoning. Hence why I filed a bug. Most admins wouldn't notice this problem until they get attacked.
Reply With Quote
  #4  
Old 2nd April 2007, 22:39
edge edge is offline
Moderator
 
Join Date: Dec 2005
Location: The Netherlands
Posts: 2,033
Thanks: 260
Thanked 145 Times in 127 Posts
Default

Problem is that it's not really a bug!

Some admins like to have it open so other users can use the DNS.
__________________
Never execute code written on a Friday or a Monday.
Reply With Quote
  #5  
Old 2nd April 2007, 22:54
larwilliams larwilliams is offline
Junior Member
 
Join Date: Apr 2007
Posts: 29
Thanks: 0
Thanked 3 Times in 2 Posts
Default

Understood. Just thinking it should be an option in ISPConfig Server Settings under DNS, and not a manual hack. Far easier and more secure that way.

Thank you for the intelligent replies.. Too bad I couldn't get an answer to my other post (http://www.howtoforge.com/forums/sho...d.php?t=11829). It concerns getting some intelligible client information from the ISPConfig database.

Thanks again!
Reply With Quote
  #6  
Old 2nd April 2007, 23:00
edge edge is offline
Moderator
 
Join Date: Dec 2005
Location: The Netherlands
Posts: 2,033
Thanks: 260
Thanked 145 Times in 127 Posts
Default

Quote:
Originally Posted by larwilliams
Understood. Just thinking it should be an option in ISPConfig Server Settings under DNS, and not a manual hack. Far easier and more secure that way.
True. It would be a nice "extra" option (I've also asked some time ago for this I believe)
Quote:
Thank you for the intelligent replies.. Too bad I couldn't get an answer to my other post (http://www.howtoforge.com/forums/sho...d.php?t=11829). It concerns getting some intelligible client information from the ISPConfig database.

Thanks again!
You will need to talk to some of the ISP developers about this. I'm sure that what you want can be done!

Just give it some "more" time, someone will answer your question!
__________________
Never execute code written on a Friday or a Monday.
Reply With Quote
  #7  
Old 2nd April 2007, 23:07
larwilliams larwilliams is offline
Junior Member
 
Join Date: Apr 2007
Posts: 29
Thanks: 0
Thanked 3 Times in 2 Posts
Default

Quote:
Originally Posted by edge
True. It would be a nice "extra" option (I've also asked some time ago for this I believe)

You will need to talk to some of the ISP developers about this. I'm sure that what you want can be done!

Just give it some "more" time, someone will answer your question!
If I could understand how to hook the option choice into the DNS tab and get it into the database, I could do it myself. I've already figured out what function is responsible for named.conf being created. The German comments and function names don't really help sometimes.
Reply With Quote
  #8  
Old 2nd April 2007, 23:27
edge edge is offline
Moderator
 
Join Date: Dec 2005
Location: The Netherlands
Posts: 2,033
Thanks: 260
Thanked 145 Times in 127 Posts
Default

Don't ask me :-/ I'm a Coldfusion coder.. Way easier to work with a database :-) (I did play a bit with PHP / MySQL, and must say that it's also nice)
__________________
Never execute code written on a Friday or a Monday.
Reply With Quote
  #9  
Old 3rd April 2007, 11:01
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 34,586
Thanks: 792
Thanked 4,983 Times in 3,903 Posts
 
Default

I closed the bug report at SourceForge and left a comment there. Allowing recursion in ISPConfig is a default setting that we have chosen, and we won't change it in the stable branch so as not to break compatibility with older versions. If you don't like the default, please change it as edge mentioned above. Changes in the config templates are not hacks; they are a valid way to change the ISPConfig defaults.

I agree that it would be a nice feature to allow enabling / disabling the recursion in the interface. To add a checkbox on the ISPConfig interface, you will have to use the form editor. The form editor also creates the database column for you automatically.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote