• The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

named.conf / BIND configuration insecure by default

B

BoXie

Guest
Hi,

I think Plesk's named.conf config should be more secure !!!

It doesn't close recursive DNS by default .. so BIND is running as an open-DNS server. This makes it very vulnerable to be used in DDOS attacks.

So there should be a 'recursion no;' in named.conf's 'options' directive.

Furthermore i noticed when using Plesk's migration manager the migrated 'named.conf' still uses the old IP adresses in it's 'allow-transfer' part on each zone-description.

Also: what's the story behind the SOA serial ... i think it should be better to use the 'YYYYMMDDnn, where 'nn' is the revision' - convention.
 
You must log in or register to reply here.

Similar threads

F
Question AlmaLinux 9.1: bind configuration for slave dns
Replies
5
Views
3K
FYI
F
L
Question Bind9 on ubuntu 14
Replies
0
Views
853
lakhwaraa
L
M
Issue Configuring slave dns on external debian box with bind
Replies
2
Views
3K
AYamshanov
AYamshanov
Herman Ronk
Question Slave DNS Manager not syncing (rndc.key location?)
Replies
7
Views
8K
Herman Ronk
Herman Ronk
A
How to add Centralized Slave DNS to Plesk Multi Server
Replies
0
Views
4K
Anton Akhtyamov
A
Back
Top