Hey guys, I followed this guide (Perfect Server CentOS 6.4 | Apache) exactly, no more and no less. However I just got an email from my host saying that they have detected my server is acting as an open resolver. They asked that I update my DNS server to not be an open resolver. My questions are, how did this happen if I followed the guide exactly? Also how exactly do I fix this? Any help would be greatly appreciated. Thank you!
Hi Crypter,
ISPconfig comes with its own antivirus capability. Open resolver remains safe from external attack & spoofings from the antivirus clamav. I think that there could be issues with the clamav service. Please check the clamav service status.
/etc/init.d/clamd.amavisd status
Case 1: If it is not running then please start the service.
/etc/init.d/clamd.amavisd start
Case 2: If it is not present then please install the service. Then just download the ispconfig 3 tar.gz again, unpack it and run the update.php in the install folder. Choose to reconfigure services during update.
Br// Srijan
Please check that your named.conf looks exactly as described in the guide in chapter 17: http://www.howtoforge.com/perfect-server-centos-6.4-x86_64-apache2-dovecot-ispconfig-3-p5

Code:
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { any; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion no;
        allow-recursion { none; };
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.conf.local";

Important are these two lines:

recursion no;
allow-recursion { none; };
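
An offline check for the two settings named above, as an added example that is not part of the thread or the guide: it reads the text of a named.conf and classifies the recursion policy in the global options block. The sample configs and function names are constructed for illustration, and views and named ACLs are not resolved.

```python
import re

# Constructed samples, not taken from any real server.
OPEN = """options {
    listen-on port 53 { any; };
    // recursion no;   <- commented out, so it has no effect
    recursion yes;
    allow-recursion { any; };
};"""
GUIDE = """options {
    allow-query { any; };
    recursion no;
    allow-recursion { none; };
};"""
UNSET = "options { allow-query { any; }; };"

def options_block(conf):
    """Return the body of options { ... } with comments stripped."""
    conf = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf, flags=re.S)
    m = re.search(r"\boptions\s*\{", conf)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(conf) and depth:          # walk to the matching brace
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        i += 1
    return conf[m.end():i - 1]

def audit(conf):
    """Classify the recursion policy: open, restricted, closed, version-default."""
    block = options_block(conf)
    rec = re.search(r"(?<![\w-])recursion\s+(\w+)\s*;", block)
    acl = re.search(r"(?<![\w-])allow-recursion\s*\{([^}]*)\}", block)
    if rec and rec.group(1).lower() in ("no", "false", "0"):
        return "closed"
    if acl is None:
        return "version-default"  # nothing explicit: BIND's built-in default applies
    hosts = [h.strip() for h in acl.group(1).split(";") if h.strip()]
    if "any" in hosts:
        return "open"
    return "closed" if hosts == ["none"] else "restricted"

if __name__ == "__main__":
    for name, conf in (("open", OPEN), ("guide", GUIDE), ("unset", UNSET)):
        print(name, "->", audit(conf))
```

A "version-default" result means the file says nothing explicit about recursion, so the outcome depends on the installed BIND version's defaults.
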
I followed this tutorial for Wheezy and there is no mention of named.conf entries there. Is that missing there? http://www.howtoforge.com/perfect-server-debian-wheezy-apache2-bind-dovecot-ispconfig-3
EDIT: btw I see that BIND has switched its default behavior to not allow recursion for external clients (i.e. outside localnets and localhost)... No more Open DNS resolver https://kb.isc.org/article/AA-00269...of-allow-recursion-and-allow-query-cache.html