• Hi, Pleskians! We are running a UX testing of our upcoming product intended for server management and monitoring.
    We would like to invite you to have a call with us and have some fun checking our prototype. The agenda is pretty simple - we bring new design and some scenarios that you need to walk through and succeed. We will be watching and taking insights for further development of the design.
    If you would like to participate, please use this link to book a meeting. We will sent the link to the clickable prototype at the meeting.
  • (Plesk for Windows):
    MySQL Connector/ODBC 3.51, 5.1, and 5.3 are no longer shipped with Plesk because they have reached end of life. MariaDB Connector/ODBC 64-bit 3.2.4 is now used instead.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Resolved Open DNS resolver in Plesk opens up for reflection attacks?

andreios

andreios

Regular Pleskian
I live in Germany and got an mail today from the "Bundesamt für Sicherheit in der Informationstechnik (BSI)" stating that my IP servers an open DNS resolver and I should fix this issue because this can be used for reflection attacks.
In named.conf I see this in the options section:

Code: 
options {
        allow-recursion {
                any;
        };
                listen-on-v6 { any; };
        version "none";
        directory "/var";
        auth-nxdomain no;
        pid-file "/var/run/named/named.pid";
};
Is allow-recusion for all addresses really needed?

And how do I modify the options section in the right way?

Plesk Help Center

support.plesk.com
When I understand right according to this article I just have to add in options setting:
Code: 
hostname none;
And in this way I can override and set any options in the options section and it won't be removed by Plesk?

And what are the best settings to prevent reflection attacks?

My Bind Version:
BIND 9.16.1-Ubuntu (Stable Release)
Ubuntu 20.04.2 LTS
 
I found posts even from 2006 where this issue is already stated. But I couldn't find any official looking answer from Plesk for this.
How is it possible that Plesk has no interests in solving this issue for such a long period oft time?

named.conf / BIND configuration insecure by default

Hi, I think Plesk's named.conf config should be more secure !!! It doesn't close recursive DNS by default .. so BIND is running as an open-DNS server. This makes it very vulnerable to be used in DDOS attacks. So there should be a 'recursion no;' in named.conf's 'options' directive...
talk.plesk.com
 
You must log in or register to reply here.

Similar threads

tethis IT
Resolved Loads of messages "named[...]: network unreachable resolving '...': 2001:7fe::53#53"
Replies
2
Views
12K
Alban Staehli
A
H.W.B
Issue DNSSEC with Ubuntu Problems
Replies
6
Views
3K
Kaspar@Plesk
Kaspar@Plesk
F
Question AlmaLinux 9.1: bind configuration for slave dns
Replies
5
Views
3K
FYI
F
P
Issue Additional DNS Settings not working - no IPv6 Resolution
Replies
3
Views
3K
johnny_silverhand
J
C
Question VM with Plesk and Ubuntu: Ubuntu Upgrade 22.04-LTS to 24.04-LTS fails
Replies
3
Views
539
chris-taylor
C
Back
Top