M
MaxemilianH
Guest
The DNS implementation seems to have a problem:
When recursion is enabled for localnets, everybody can query the dns server. This opens the server for DoS attacks, and other vulnerabilities.
How to test
use nslookup on a computer which should not be in a local net
> server <your_server_name_or_ip>
> <any_domain_which_is_not_on_your_dns>
If it returns valid DNS data, your server is open for vulnerabilities
How to fix
Open a command prompt and navigate to the bin directory of your plesk installation
> cd %plesk_cli%
Use the following command to restrict dns recursion to localhost:
> server_dns -u -recursion localhost
Re-test if the server stops answering requests which cannot be answered locally (message should be "Query refused."), but ensure the domains hosted on your machine can be resolved.
To reset this to the default setting:
> server_dns -u -recursion localnets
regards
Maxemilian Hilbrand
www.isicore.de
When recursion is enabled for localnets, everybody can query the dns server. This opens the server for DoS attacks, and other vulnerabilities.
How to test
use nslookup on a computer which should not be in a local net
> server <your_server_name_or_ip>
> <any_domain_which_is_not_on_your_dns>
If it returns valid DNS data, your server is open for vulnerabilities
How to fix
Open a command prompt and navigate to the bin directory of your plesk installation
> cd %plesk_cli%
Use the following command to restrict dns recursion to localhost:
> server_dns -u -recursion localhost
Re-test if the server stops answering requests which cannot be answered locally (message should be "Query refused."), but ensure the domains hosted on your machine can be resolved.
To reset this to the default setting:
> server_dns -u -recursion localnets
regards
Maxemilian Hilbrand
www.isicore.de