• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Caution: DNS Vulnerability

Is this solution valuable for you?

  • Yes

    Votes: 0 0.0%
  • No

    Votes: 0 0.0%
  • I was not able to reproduce the problem

    Votes: 0 0.0%

  • Total voters
    0
  • Poll closed .
M

MaxemilianH

Guest
The DNS implementation seems to have a problem:
When recursion is enabled for localnets, everybody can query the dns server. This opens the server for DoS attacks, and other vulnerabilities.

How to test
use nslookup on a computer which should not be in a local net
> server <your_server_name_or_ip>
> <any_domain_which_is_not_on_your_dns>

If it returns valid DNS data, your server is open for vulnerabilities


How to fix

Open a command prompt and navigate to the bin directory of your plesk installation
> cd %plesk_cli%

Use the following command to restrict dns recursion to localhost:
> server_dns -u -recursion localhost


Re-test if the server stops answering requests which cannot be answered locally (message should be "Query refused."), but ensure the domains hosted on your machine can be resolved.


To reset this to the default setting:
> server_dns -u -recursion localnets



regards

Maxemilian Hilbrand
www.isicore.de
 
Back
Top