Open recursive resolver
Hello
This site [url=http://openresolver.com]Open recursive DNS resolver test says:
[QUOTE]Open recursive resolver detected on ***myserverip***
I have set: [QUOTE]allow-recursion {"none";}; allow-transfer {"none";}; recursion no;
Then:
But it still says Open recursive resolver detected on ***myserverip*** Please help how can I fix it? Regards
I have set: [QUOTE]allow-recursion {"none";}; allow-transfer {"none";}; recursion no;
Then:
service named restart
But it still says Open recursive resolver detected on ***myserverip*** Please help how can I fix it? Regards
-
Hey, Where have you set this ? under the general options category or under any views such as internal or external ? 0 -
[quote="triantech, post: 1677191">Hey, Where have you set this ? under the general options category or under any views such as internal or external ?
external and general0 -
Hello :) In your /etc/named.conf file, look for: view "external" {
What is the recursion value under this view? Please keep in mind that third-party tools are not always accurate. Have you tried checking on another utility or with the command line? Thank you.0 -
[quote="cPanelMichael, post: 1677381">Hello :) In your /etc/named.conf file, look for: view "external" {
What is the recursion value under this view? Please keep in mind that third-party tools are not always accurate. Have you tried checking on another utility or with the command line? Thank you.
Hello [QUOTE]view "external" { /* This view will contain zones you want to serve only to "external" clients * that have addresses that are not on your directly attached LAN interface subnets: */ recursion no; // you'd probably want to deny recursion to external clients, so you don't // end up providing free DNS service to all takers // all views must contain the root hints zone: zone "." IN { type hint; file "/var/named/named.ca"; }; // These are your "authoritative" external zones, and would probably // contain entries for just your web and mail servers: // BEGIN external zone entries
Yes I have tested by another tools: [url=http://dns.measurement-factory.com/cgi-bin/openresolvercheck.pl/]Test for Open Resolvers It says closed, Addresses marked closed may not even be running a resolver.0 -
Right, based on the output you provided, it's simply an issue of the third-party test you used not showing accurate results. Thank you. 0
Please sign in to leave a comment.
Comments
5 comments