dns problem

#1 Mon, 03/24/2014 - 11:33
ddstaff

hi all,

I have a problem with my VPS. Today I received an e-mail from the company that hosts it.

My VPS is at risk of vulnerability, and the problem is the DNS.

I've installed CentOS and Webmin + Virtualmin.

Can anyone help me to find the problem? I have little experience with servers :)

Mon, 03/24/2014 - 12:20
andreychek

Howdy,

Hmm, I'm not sure what the problem there might be.

Could you describe the issue in more detail, including what vulnerability you're at risk of, and how they know that?

-Eric

Mon, 03/24/2014 - 12:35 (Reply to #2)
ddstaff

"Your server is configured as a promiscuous DNS resolver that responds to recursive DNS queries made by any IP."

They tell me that the problem is that the name servers are recursive. They complain of vulnerability to this type of attack: DNS Amplification Attack.

Mon, 03/24/2014 - 12:34
Locutus

Maybe your DNS server is an open resolver that can be used in DNS amplification attacks? That's my best guess. Like Eric said, we need more details about what your hosting company told you.

Mon, 03/24/2014 - 12:37 (Reply to #4)
ddstaff

Yes! This is precisely the problem.

Mon, 03/24/2014 - 13:33
Locutus

Yes, in that case your server is indeed "vulnerable" as in it can be abused to perform distributed amplification DoS attacks using spoofed UDP packets (i.e. the attacker sends specially crafted DNS requests to your server with a spoofed source IP, and your server responds with a much much larger reply to the apparent source, which in truth is the victim).

More details here: http://en.wikipedia.org/wiki/Distributed_Reflection_Denial_of_Service#Re...

You can change that by making sure that your /etc/bind/named.conf.options is set properly to allow recursion only from your LAN and localhost. By default, that's done with this block:

    allow-recursion {
        localnets;
        localhost;
    };

("Recursion" in this context means the DNS server allows and answers requests for zones that it is not authoritative for.)
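
One way to verify from another host whether a resolver still answers recursive queries for outsiders, as an added example that is not from this thread or from Virtualmin: it sends a single UDP query with RD set for a name the server is not authoritative for and reads the AA/RA flags and RCODE of the reply. The server address is yours to supply and the query name example.com is a constructed placeholder; after the allow-recursion fix an outside query should come back REFUSED.

```python
import socket
import struct

def build_query(qname: str, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS A/IN query with only the RD (Recursion Desired) flag set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags 0x0100 = RD
    labels = qname.strip(".").split(".")
    question = b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels)
    return header + question + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(resp: bytes) -> str:
    """Read the 12-byte header: AA, RA, RCODE and ANCOUNT decide what the server did."""
    if len(resp) < 12:
        return "malformed"
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    aa = bool(flags & 0x0400)   # Authoritative Answer: served from its own zone, not recursion
    ra = bool(flags & 0x0080)   # Recursion Available
    rcode = flags & 0x000F      # 0 = NOERROR, 5 = REFUSED
    if aa:
        return "authoritative answer (pick a name this server does not host)"
    if rcode == 5:
        return "recursion refused"          # expected from outside after the fix
    if ra and rcode == 0 and ancount > 0:
        return "open recursive resolver"    # what the hosting company reported
    if not ra:
        return "recursion not available"
    return "rcode %d" % rcode

def check_resolver(server: str, qname: str = "example.com", timeout: float = 3.0) -> str:
    """Send one query to server:53 over UDP (the transport amplification abuses)."""
    q = build_query(qname)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        try:
            resp, _ = s.recvfrom(4096)
        except socket.timeout:
            return "no response"
    if resp[:2] != q[:2]:
        return "transaction id mismatch"
    return classify_response(resp)

if __name__ == "__main__":
    import sys
    # Usage: python check_recursion.py <server-ip> [name]; the server IP is yours to supply.
    print(check_resolver(sys.argv[1], *sys.argv[2:3]))
```

Run it from a machine outside your LAN, since localnets and localhost are still allowed to recurse by the block above.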

Mon, 03/24/2014 - 13:41 (Reply to #6)
ddstaff

OK, but if I disable BIND, do I still have the same problem?

Mon, 03/24/2014 - 14:23
andreychek

You can disable BIND if you like, and you would no longer have that problem.

However, your server would not be able to act as a nameserver in that case, meaning you would need to setup all your DNS records elsewhere.

If that's okay, then you can certainly disable BIND if you want.

Note that, in that case, you would need to configure your server to use an external nameserver for DNS lookups.

-Eric

Tue, 03/25/2014 - 11:44 (Reply to #8)
ddstaff

OK, thanks.
