- 10-04-2009 #1 Just Joined!
- Join Date
- Oct 2009
- Posts
- 10
Open Resolver Problem - Securing BIND DNS Server
Hello,
I have an OpenVZ Linux VPS with:
CentOS Linux 5.3,
Webmin version 1.490
BIND DNS Server version 9.3.4
I have BIND under chroot /var/named/chroot
This is my problem:
My BIND DNS Server is an open resolver
and I do not know how I can fix it.
BTW I am a newbie in Linux.
I did this:
I updated my named.conf file with the following lines.
-------------------------------------------------
acl mynetworkips {myserverip1; myserverip2;};
options {
directory "/var/named";
allow-recursion {mynetworkips;};
allow-query-cache {mynetworkips;};
};
-------------------------------------------------
This is the error message:
Failed to start BIND : Starting named: Error in named configuration:
named.conf:5: unknown option 'allow-query-cache' [FAILED]
Can somebody help me?
Thanks for your help
peace5
- 10-05-2009 #2
https://lists.isc.org/pipermail/bind...ne/070691.html
allow-query-cache was not introduced until 9.4.1-P1
Update your version or eliminate the line.
- 10-07-2009 #3 Just Joined!
- Join Date
- Oct 2009
- Posts
- 10
Hello,
Thanks a lot for your help.
I cannot find BIND DNS Server version 9.4.1-P1 for
CentOS Linux 5.3 i386.
Where can I download them?
Best Regards
- 10-07-2009 #4
If I were you, I would not look to update to the latest version of BIND just so your config works the way you think it should. Doing so could break something else, and when you go looking for help to fix it they are going to tell you to install the CentOS-supplied version of the software. I've seen it many times before, and usually it fixes what was broken due to the upgrade.
Just change
Code:
allow-query-cache {mynetworkips;};
to
Code:
allow-query {mynetworkips;};
This will then only allow mynetworkips to query the service and fixes your problem. The only time you should install a newer version of software is to fix a software problem that you are having. Config excluded.


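Added example, not part of any post in this thread: a small Python check that reviews a named.conf `options` block for the two problems discussed above, a statement the installed BIND does not know and recursion left open to everyone. The function names, finding codes and the (9, 4) version cut-off are assumptions of this example; the sample input is the fragment from post #1.

```python
import re

# Constructed sample: the named.conf fragment from post #1 (placeholder ACL members).
SAMPLE_CONF = """\
acl mynetworkips {myserverip1; myserverip2;};
options {
directory "/var/named";
allow-recursion {mynetworkips;};
allow-query-cache {mynetworkips;};
};
"""
OPEN = {"any", "0.0.0.0/0", "::/0"}  # address-match elements that admit everyone

def options_block(conf):
    """Return the text inside options { ... }, comments stripped ('' if absent)."""
    conf = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf, flags=re.S)
    m = re.search(r"\boptions\s*\{", conf)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(conf) and depth:  # walk to the brace that closes the block
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        i += 1
    return conf[m.end():i - 1]

def audit(conf, version):
    """Return finding codes for an open-resolver review of named.conf options.

    version is a tuple such as (9, 3, 4). Nested address-match lists are not parsed.
    """
    body = options_block(conf)
    acls = {name: {e.strip() for e in elems.split(";") if e.strip()}
            for name, elems in re.findall(r"([\w-]+)\s*\{([^{}]*)\}\s*;", body)}
    findings = []
    if version < (9, 4) and "allow-query-cache" in acls:
        # 9.3.x rejects the statement and named refuses to start (error in post #1).
        findings.append("unsupported-allow-query-cache")
    if not re.search(r"\brecursion\s+no\s*;", body):
        rec = acls.get("allow-recursion")
        if rec is None:
            # No explicit ACL: BIND 9.3 recurses for any client.
            findings.append("recursion-acl-missing")
        elif rec & OPEN:
            findings.append("recursion-open-to-any")
    if "allow-query" in acls and not acls["allow-query"] & OPEN:
        # A global allow-query is also the default for every zone; zones meant
        # to be answered publicly need their own allow-query { any; };
        findings.append("global-allow-query-restricts-zones")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, (9, 3, 4)))
```

Run it against the real file by passing the contents of `/var/named/chroot/etc/named.conf` (the usual location under the chroot named in post #1; adjust if yours differs) and the version reported by `named -v`.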
