• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • Support for BIND DNS has been removed from Plesk for Windows due to security and maintenance risks.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS.

named.conf / BIND configuration insecure by default

B

BoXie

Guest
Hi,

I think Plesk's named.conf config should be more secure !!!

It doesn't close recursive DNS by default .. so BIND is running as an open-DNS server. This makes it very vulnerable to be used in DDOS attacks.

So there should be a 'recursion no;' in named.conf's 'options' directive.

Furthermore i noticed when using Plesk's migration manager the migrated 'named.conf' still uses the old IP adresses in it's 'allow-transfer' part on each zone-description.

Also: what's the story behind the SOA serial ... i think it should be better to use the 'YYYYMMDDnn, where 'nn' is the revision' - convention.
 
You must log in or register to reply here.

Similar threads

F
Question AlmaLinux 9.1: bind configuration for slave dns
Replies
5
Views
3K
FYI
F
L
Question Bind9 on ubuntu 14
Replies
0
Views
909
lakhwaraa
L
M
Issue Configuring slave dns on external debian box with bind
Replies
2
Views
3K
AYamshanov
AYamshanov
Herman Ronk
Question Slave DNS Manager not syncing (rndc.key location?)
Replies
7
Views
8K
Herman Ronk
Herman Ronk
A
How to add Centralized Slave DNS to Plesk Multi Server
Replies
0
Views
4K
Anton Akhtyamov
A
Back
Top