Skip to main content

how to disable open dns resolver in cpanel.

Comments

11 comments

  • cPanelMichael
    Hello :) Those are the default settings for the /etc/named.conf file with cPanel. It's the external view where you should ensure recursion is denied for external clients. Thank you.
    0
  • imran_khan
    Hello Michael, Thanks for the reply. I have already set recursion no; in view "external" section but my server is resolving external domain from the server. So is recursion disabled or not for me. Please see the output. # dig redhat.com @ns2.example.com ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> redhat.com @ns2.example.com ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33248 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 0 ;; QUESTION SECTION: ;redhat.com. IN A ;; ANSWER SECTION: redhat.com. 60 IN A 209.132.183.181 ;; AUTHORITY SECTION: redhat.com. 600 IN NS ns2.redhat.com. redhat.com. 600 IN NS ns3.redhat.com. redhat.com. 600 IN NS ns4.redhat.com. redhat.com. 600 IN NS ns1.redhat.com. ;; Query time: 785 msec ;; SERVER: 10.10.10.10#53(10.10.10.10) ;; WHEN: Mon Sep 2 14:47:16 2013 ;; MSG SIZE rcvd: 116 where, ns2.example.com is my DNS server name. 10.10.10.10 is my DNS server IP. Thanks, Imran Khan.
    0
  • cPanelMichael
    Are you running the dig command from the NS2 server, or from another remote machine? Thank you.
    0
  • imran_khan
    Hello, From the NS2 server only. Thanks, Imran Khan.
    0
  • cPanelMichael
    You will need to run that command from a remote server or your local computer to get an accurate result. You will not be denied access if you are making the request from the local server. Thank you.
    0
  • imran_khan
    Hello Michael, I have checked from the remote server. Please find the out put form the same. # dig redhat.com @ns2.example.com ; <<>> DiG 9.3.4-P1 <<>> redhat.com @ns2.example.com ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9956 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0 ;; QUESTION SECTION: ;redhat.com. IN A ;; AUTHORITY SECTION: com. 169548 IN NS i.gtld-servers.net. com. 169548 IN NS j.gtld-servers.net. com. 169548 IN NS k.gtld-servers.net. com. 169548 IN NS l.gtld-servers.net. com. 169548 IN NS m.gtld-servers.net. com. 169548 IN NS a.gtld-servers.net. com. 169548 IN NS b.gtld-servers.net. com. 169548 IN NS c.gtld-servers.net. com. 169548 IN NS d.gtld-servers.net. com. 169548 IN NS e.gtld-servers.net. com. 169548 IN NS f.gtld-servers.net. com. 169548 IN NS g.gtld-servers.net. com. 169548 IN NS h.gtld-servers.net. ;; Query time: 26 msec ;; SERVER: 10.10.10.10#53(10.10.10.10) ;; WHEN: Mon Sep 2 15:43:25 2013 ;; MSG SIZE rcvd: 252 Thanks, Imran Khan.
    0
  • cPanelMichael
    Yes, notice the difference between: ;; ANSWER SECTION: redhat.com. 60 IN A 209.132.183.181
    And: ;; QUESTION SECTION: ;redhat.com. IN A
    As you can see, you can not determine the IP address with the second output you pasted. Thank you.
    0
  • imran_khan
    Hello Michael, Thanks. This mean my DNS server is not configured as open dns resolver? Please let me know, the cause of DNS server IP blacklisting RBL? Thanks, Imran Khan.
    0
  • imran_khan
    Hello, My DNS server showing blacklisted in Nagios system but when it checked from the various web site and showing this ip is not listed. Please suggest me on the same. CHECK_RBL CRITICAL - (3 servers timed out: spamguard.leadmon.net, bhnc.njabl.org, bl.technovision.dk) (dnsbl.solid.net) Thanks, Imran Khan.
    0
  • cPanelMichael
    You would have to contact the administrators of those lists to determine why your IP address may or may not be listed. Or, if you only notice the issue with Nagios, check with Nagios support to see why that is. Thank you.
    0
  • imran_khan
    Hello Michael, Correct. My server is not blacklisted, getting server time out error with RBL list domains. I have removed dnsbl.solid.net domain from the check_rbl command definition after that this error gone from the Nagios system. Thanks, Imran Khan.
    0

Please sign in to leave a comment.