  1. #1
    Just Joined!
    Join Date
    Oct 2009
    Posts
    10

    Open Resolver Problem - Securing BIND DNS Server


    Hello,

    I have an OpenVZ Linux VPS with:

    CentOS Linux 5.3,
    Webmin version 1.490
    BIND DNS Server version 9.3.4

    I have BIND under chroot /var/named/chroot

    This is my problem:

    My BIND DNS Server is an open resolver
    and I do not know how I can fix it.


    BTW I am a newbie in Linux.


    I did this:

    I updated my named.conf file with the following lines.


    -------------------------------------------------
    acl mynetworkips {myserverip1; myserverip2;};

    options {
    directory "/var/named";
    allow-recursion {mynetworkips;};
    allow-query-cache {mynetworkips;};
    };
    -------------------------------------------------

    This is the error message:


    Failed to start BIND : Starting named: Error in named configuration:
    named.conf:5: unknown option 'allow-query-cache' [FAILED]


    Can somebody help me?

    Thanks for your help

    peace5

  2. #2
    Linux Engineer rcgreen
    Join Date
    May 2006
    Location
    the hills
    Posts
    1,134
    allow-query-cache was not introduced until 9.4.1-P1
    https://lists.isc.org/pipermail/bind...ne/070691.html

    Update your version or eliminate the line.

  3. #3
    Just Joined!
    Join Date
    Oct 2009
    Posts
    10
    Hello,

    Thanks a lot for your help.

    I cannot find BIND DNS Server version 9.4.1-P1 for
    CentOS Linux 5.3 i386.

    Where can I download it?

    Best Regards

  4. #4
    Linux Guru Lazydog
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    If I were you I would not look to update to the latest version of BIND just so your config works the way you think it should. Doing so could break something else, and when you go looking for help to fix it they are going to tell you to install the CentOS-supplied version of the software. I've seen it many times before and usually it fixes what was broken due to the upgrade.

    Just change
    Code:
    allow-query-cache {mynetworkips;};
    to
    Code:
    allow-query {mynetworkips;};
    This will then only allow mynetworkips to query the service and fixes your problem. The only time you should install a newer version of software is to fix a software problem that you are having. Config excluded.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted
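
A way to confirm the result after editing named.conf, as an added example that is not part of the thread: it sends one query with the recursion-desired bit set and reads the flag bits of the reply. Run it against your own server from a host that is not in the `mynetworkips` ACL; the query name `example.com`, the placeholder address `192.0.2.53` and all function names are assumptions of this example.

```python
import socket
import struct

QID = 0x4242                                     # arbitrary query ID (constructed)
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080  # DNS header flag bits
REFUSED = 5                                      # RCODE 5 = query refused

def build_query(name, qid=QID):
    """Build a DNS A/IN query for `name` with RD (recursion desired) set."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!6H", qid, RD, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

def classify(reply, qid=QID):
    """Interpret a reply as seen by a client that is NOT in the ACL."""
    if len(reply) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", reply[:12])
    if rid != qid or not (flags & QR):
        return "malformed"
    if (flags & 0x000F) == REFUSED:
        return "closed: query refused"
    if flags & AA:
        return "inconclusive: server is authoritative for this name"
    if flags & RA:
        return "open: recursion offered to outsiders"
    if ancount:
        return "partly open: recursion denied, cached answer returned"
    return "closed: no recursion, no cached answer"

def check(server_ip, name="example.com", timeout=3.0):
    """Send one UDP query to server_ip:53 and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server_ip, 53))
            reply, _ = s.recvfrom(4096)
        except socket.timeout:
            return "no reply (filtered or dropped)"
    return classify(reply)

def fake_reply(flags, ancount=0):
    """Constructed header-only reply, used to demonstrate classify() offline."""
    return struct.pack("!6H", QID, QR | flags, 1, ancount, 0, 0)

if __name__ == "__main__":
    print(classify(fake_reply(RD | RA, ancount=1)))  # constructed open-resolver reply
    print(classify(fake_reply(RD | REFUSED)))        # constructed restricted reply
    # check("192.0.2.53")  # placeholder address: replace with your own server
```

A global `allow-query` limited to the ACL shows up here as "closed: query refused" for outside clients.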
