1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Caution: DNS Vulnerability

Discussion in 'Plesk 10.x for Windows Issues, Fixes, How-To' started by MaxemilianH, Aug 30, 2012.


Is this solution valuable for you?

Poll closed Oct 29, 2012.
  1. Yes

    0 vote(s)
  2. No

    0 vote(s)
  3. I was not able to reproduce the problem

    0 vote(s)
  1. MaxemilianH

    MaxemilianH Guest

    The DNS implementation seems to have a problem:
    When recursion is enabled for localnets, everybody can query the dns server. This opens the server for DoS attacks, and other vulnerabilities.

    How to test
    use nslookup on a computer which should not be in a local net
    > server <your_server_name_or_ip>
    > <any_domain_which_is_not_on_your_dns>

    If it returns valid DNS data, your server is open for vulnerabilities

    How to fix

    Open a command prompt and navigate to the bin directory of your plesk installation
    > cd %plesk_cli%

    Use the following command to restrict dns recursion to localhost:
    > server_dns -u -recursion localhost

    Re-test if the server stops answering requests which cannot be answered locally (message should be "Query refused."), but ensure the domains hosted on your machine can be resolved.

    To reset this to the default setting:
    > server_dns -u -recursion localnets


    Maxemilian Hilbrand