Checking for DNS Vulns

[brucew]

Read this yesterday: http://www.theregister.co.uk/2005/10/24/dns_security_survey/

It got me wondering aobut the default DNS conf in Plesk. I know from logs, that it refuses zone transfers.

I understand the concept that recursion can be a vuln, but I don't know how to check this.

Also wondering if it's set to respond only to requests for domains on the server.

Anyone know? Or better yet, can anyone show (or tell) me how to determine this?

 

[ShadowMan@]

Originally posted by brucew
Read this yesterday: http://www.theregister.co.uk/2005/10/24/dns_security_survey/

It got me wondering aobut the default DNS conf in Plesk. I know from logs, that it refuses zone transfers.

I understand the concept that recursion can be a vuln, but I don't know how to check this.

Also wondering if it's set to respond only to requests for domains on the server.

Anyone know? Or better yet, can anyone show (or tell) me how to determine this?

One good site with lots of tools is http://www.dnsstuff.com

For example doing a DNS Timing test on plesk.com shows:

Took off 2 points since ns1.plesk.com allows recursive lookups (if lots of people are using the server, it can slow down).
Took off 2 points since ns2.plesk.com allows recursive lookups (if lots of people are using the server, it can slow down).

There are many tools, try them, you'll like them....

Are you referring to "Forwarding" of requests when you say "respond only to requests for domains on the server"?

If so, then on all Plesk servers I have installed and managed, the answer is yes, forwarding is not on by default. To test this, from a SSH root login, you can issue the command "dig @localhost google.com" and you will see that all you get is a list of the internet's ROOT-SERVER.NET nameservers.