
named.conf / BIND configuration insecure by default

BoXie

Guest
Hi,

I think Plesk's named.conf config should be more secure!!!

It doesn't close recursive DNS by default, so BIND is running as an open-DNS server. This makes it very vulnerable to being used in DDoS attacks.

So there should be a 'recursion no;' in named.conf's 'options' directive.

Furthermore, I noticed that when using Plesk's migration manager, the migrated 'named.conf' still uses the old IP addresses in its 'allow-transfer' part of each zone description.

Also: what's the story behind the SOA serial ... I think it should be better to use the 'YYYYMMDDnn' convention, where 'nn' is the revision.
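
A minimal audit for the two named.conf issues raised in the post above (an added example, not part of the original post and not Plesk code): it reports a missing `recursion no;` in `options` and per-zone `allow-transfer` addresses that are not in the set of current server IPs. The function names, the sample config and the documentation-range addresses are constructed for illustration.

```python
import re
# Constructed sample of a migrated named.conf (not taken from a real server).
SAMPLE = '''
options {
    directory "/var/named";
    # recursion no;   <- commented out, so it must not count
};
zone "example.com" {
    type master;
    allow-transfer { 192.0.2.10; 198.51.100.7; };
};
zone "example.org" {
    type master;
    allow-transfer { 198.51.100.7; };
};
'''

def strip_comments(text):  # simplification: assumes no "//" or "#" inside quoted strings
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def blocks(text, keyword):
    """Yield (name, body) for each `keyword ["name"] { ... }` that starts a line."""
    pattern = r'(?m)^\s*%s\b\s*(?:"([^"]*)")?[^{;]*\{' % re.escape(keyword)
    for m in re.finditer(pattern, text):
        depth, i = 1, m.end()
        while depth and i < len(text):      # walk to the matching close brace
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def audit(conf, current_ips):
    """Return findings: missing 'recursion no;' and allow-transfer IPs not in current_ips."""
    conf = strip_comments(conf)
    findings = []
    opts = ' '.join(body for _, body in blocks(conf, 'options'))
    if not re.search(r'\brecursion\s+no\s*;', opts):
        findings.append('options: no "recursion no;"')
    for name, body in blocks(conf, 'zone'):
        m = re.search(r'\ballow-transfer\s*\{([^}]*)\}', body)
        ips = re.findall(r'\d{1,3}(?:\.\d{1,3}){3}', m.group(1)) if m else []  # IPv4 only
        stale = [ip for ip in ips if ip not in current_ips]
        if stale:
            findings.append('zone %s: stale allow-transfer %s' % (name, ', '.join(stale)))
    return findings

if __name__ == '__main__':
    for line in audit(SAMPLE, {'198.51.100.7'}):   # assumed post-migration secondary
        print(line)
```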
 