secure bind a bit

Discussion in 'Feature Requests' started by jayd, Nov 17, 2005.

  1. jayd

    jayd New Member

    in the normal configuration of ispconfig the system is vulnerable for this kind of attack.

    I had installed ispconfig on a fresh ubuntu 5.10 Server install. So i can't say if this is Ubuntu or ispconfig vault. But solving is really easy.

    So if you modified the named.conf.master (found in /root/ispconfig/isp/conf/) to the following, everthing is fine !

    replace with your puplic IP!
    acl recurseallow {;; };
    options {
            pid-file "/var/run/bind/run/";
            directory "{BINDDIR}";
            auth-nxdomain no;
            allow-recursion { recurseallow; };
             * If there is a firewall between you and nameservers you want
             * to talk to, you might need to uncomment the query-source
             * directive below.  Previous versions of BIND always asked
             * questions using port 53, but BIND 8.1 uses an unprivileged
             * port by default.
            // query-source address * port 53;

    Maybe it has to be placed here cause i don't take a look if ispconfig will get entrys from named.conf ...

Share This Page