December 23rd, 2008 — Linux, Plesk
If your DNS server allows recursive queries, it can be exploited by malicious users. Recursion should be restricted to IP addresses from your local networks.
To accomplish this, edit /etc/named.conf and use the allow-recursion option in the “options” section to specify which ACLs are allowed to run recursive queries:
# /etc/named.conf
acl localnets { 127.0.0.1; 192.168.0.0/24; };
options {
    ...
    allow-recursion { localnets; };
    ...
};
Then restart the BIND server:
[root@red ~]# /etc/init.d/named restart
Stopping named: . [ OK ]
Starting named: [ OK ]
In Plesk it can be done from the Control Panel:
Server->DNS Settings->DNS Preferences->Allow recursion
and choose localhost or localnets.
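To confirm the restriction took effect, query the server from a host outside the ACL for a name it is not authoritative for, and inspect the RA (recursion available) flag and response code of the reply. The Python script below is an added example, not part of the original post; its function names, the query ID and the test name example.com are assumptions.

```python
import socket
import struct
import sys

QR, RD, RA = 0x8000, 0x0100, 0x0080   # DNS header flag bits
REFUSED = 5                           # RCODE for a policy refusal
QID = 0x1234                          # constructed query ID (assumption)

def build_query(name, qid=QID):
    """Encode an A/IN query for `name` with the recursion-desired bit set."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def classify(reply, qid=QID):
    """Return 'open', 'restricted' or 'invalid' for a raw DNS reply."""
    if len(reply) < 12:
        return "invalid"              # shorter than a DNS header
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != qid or not flags & QR:
        return "invalid"              # not an answer to our query
    # RA set and not REFUSED: the server offers recursion to this client.
    if flags & RA and (flags & 0x000F) != REFUSED:
        return "open"
    return "restricted"

def probe(server, name="example.com", timeout=3.0):
    """Send the query to `server` on UDP/53 and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            reply, _ = s.recvfrom(4096)
        except OSError:               # timeout or port unreachable
            return "no-reply"
    return classify(reply)

if __name__ == "__main__" and len(sys.argv) > 1:
    # Run from a host that is NOT in the allow-recursion ACL.
    print(sys.argv[1], probe(sys.argv[1]))
```

A result of "restricted" from an outside host and "open" from a host inside the ACL is the expected outcome after the change.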
November 17th, 2008 — Linux
A lame server is a server that an NS record for a domain points to but that is not authoritative for that domain.
To keep your logs (/var/log/messages) clean of lame server messages:
[...]
Nov 16 15:10:50 srv named[99]: lame server resolving 'abc.com' (in 'abc.com'?): 1.2.3.4#53
Nov 16 15:10:50 srv named[99]: lame server resolving 'abc.com' (in 'abc.com'?): 1.2.3.4#53
Nov 16 15:10:50 srv named[99]: lame server resolving 'abc.com' (in 'abc.com'?): 1.2.3.4#53
Nov 16 15:10:50 srv named[99]: lame server resolving 'abc.com' (in 'abc.com'?): 1.2.3.4#53
Nov 16 19:43:25 srv named[99]: lame server resolving 'abc.com' (in 'abc.com'?): 1.2.3.4#53
Nov 16 19:43:25 srv named[99]: lame server resolving 'abc.com' (in 'abc.com'?): 1.2.3.4#53
[...]
Edit your /etc/named.conf and add:
logging {
    category lame-servers { null; };
};
Then restart the BIND daemon.