1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

named.conf / BIND configuration insecure by default

Discussion in 'Plesk for Linux - 8.x and Older' started by BoXie, Mar 16, 2006.

  1. BoXie

    BoXie Guest

    0
     
    Hi,

    I think Plesk's named.conf config should be more secure !!!

    It doesn't close recursive DNS by default .. so BIND is running as an open-DNS server. This makes it very vulnerable to be used in DDOS attacks.

    So there should be a 'recursion no;' in named.conf's 'options' directive.

    Furthermore i noticed when using Plesk's migration manager the migrated 'named.conf' still uses the old IP adresses in it's 'allow-transfer' part on each zone-description.

    Also: what's the story behind the SOA serial ... i think it should be better to use the 'YYYYMMDDnn, where 'nn' is the revision' - convention.
     
Loading...