• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

named.conf / BIND configuration insecure by default

B

BoXie

Guest
Hi,

I think Plesk's named.conf config should be more secure !!!

It doesn't close recursive DNS by default .. so BIND is running as an open-DNS server. This makes it very vulnerable to be used in DDOS attacks.

So there should be a 'recursion no;' in named.conf's 'options' directive.

Furthermore i noticed when using Plesk's migration manager the migrated 'named.conf' still uses the old IP adresses in it's 'allow-transfer' part on each zone-description.

Also: what's the story behind the SOA serial ... i think it should be better to use the 'YYYYMMDDnn, where 'nn' is the revision' - convention.
 
You must log in or register to reply here.

Similar threads

F
Question AlmaLinux 9.1: bind configuration for slave dns
Replies
5
Views
2K
FYI
F
L
Question Bind9 on ubuntu 14
Replies
0
Views
631
lakhwaraa
L
Herman Ronk
Question Slave DNS Manager not syncing (rndc.key location?)
Replies
7
Views
7K
Herman Ronk
Herman Ronk
A
How to add Centralized Slave DNS to Plesk Multi Server
Replies
0
Views
3K
Anton Akhtyamov
A
O
DNS Server (BIND) doesn't start, gives error
Replies
2
Views
5K
Onnovb
O
Back
Top