How to disable Recursive DNS Lookups

A very common PCI issue is related to DNS servers. To be PCI compliant, you must prevent DNS poisoning (an attack in which DNS data is modified by an outside source, resulting in false lookups or hijacked pages).

We recommend disabling recursive DNS lookups for outside clients. This not only fixes the DNS poisoning issue, it also speeds up your DNS processing, because the server handles only real INTERNAL requests instead of acting as an open relay for everyone.

Here's all you have to do (cPanel servers):

Edit the /etc/named.conf file.

After the "CONTROLS" section, add the following:

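acl "trusted" {
        127.0.0.1;
        YOUR IP 1;      // replace with an IP address you want to allow
        YOUR IP 2;      // add one line per additional IP address
};

options {
        directory "/var/named";
        version "not currently available";      // hides the real version string
        allow-recursion { trusted; };           // recursive lookups only for the ACL above
        allow-notify { trusted; };
        allow-transfer { trusted; };
        dump-file "data/cache_dump.db";
        statistics-file "data/named_stats.txt";
        memstatistics-file "data/named_mem_stats.txt";
};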

 

Remove the other "OPTIONS" section in your named.conf file, because named.conf may contain only one options statement.

Add all the IP numbers that you want to allow access to the "trusted" list. This includes not only the IP numbers assigned to the machine itself: if you are running DNS in cluster mode, you will also want to add the other servers to that list.

Save the file and restart the named service (service named restart), and you should be good to go.
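One way to check the edited file against the steps above before restarting named, as an added example that is not part of the original article. The function names audit_named_conf and demo_conf are hypothetical, the address 192.0.2.10 is a documentation placeholder, and the script assumes each statement sits on one line as in the snippet above.

```shell
#!/bin/sh
# Added example (not from the original article): static audit of named.conf.
# Assumes one statement per line and no /* ... */ comments (both assumptions).

# audit_named_conf [FILE]: reads FILE (or stdin), prints findings, returns 0 if clean.
audit_named_conf() {
    rc=0; seen=0
    # Drop // and # comments so commented-out settings are not counted.
    body=$(sed -e 's://.*$::' -e 's:#.*$::' "$@")

    # named.conf may hold only one options statement, hence the step
    # "remove the other OPTIONS section".
    n=$(printf '%s\n' "$body" | grep -cE '^[[:space:]]*options[[:space:]]*\{' || true)
    [ "$n" -eq 1 ] || { echo "FAIL: expected 1 options block, found $n"; rc=1; }

    # The article's "YOUR IP" placeholders must be replaced with real addresses.
    if printf '%s\n' "$body" | grep -q 'YOUR IP'; then
        echo "FAIL: placeholder address left in file"; rc=1
    fi

    # Extract the address list from: allow-recursion { ... };
    rec=$(printf '%s\n' "$body" |
          sed -n 's/.*allow-recursion[[:space:]]*{\(.*\)}.*/\1/p' | tr ';"' '  ')
    for item in $rec; do
        seen=1
        case $item in
            any) echo "FAIL: allow-recursion permits any client"; rc=1 ;;
            none|localhost|localnets|[0-9]*|*:*|!*) ;;  # built-ins, addresses
            *)  # anything else must be an ACL defined in this file
                printf '%s\n' "$body" | grep -qE "^[[:space:]]*acl[[:space:]]+\"?$item\"?[[:space:]]*\{" ||
                    { echo "FAIL: acl \"$item\" is not defined"; rc=1; } ;;
        esac
    done
    [ "$seen" -eq 1 ] || { echo "FAIL: no allow-recursion list found"; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "OK: recursion limited to:" $rec; fi
    return "$rc"
}

# Constructed sample input: a shortened form of the article's snippet.
demo_conf() {
    cat <<'EOF'
acl "trusted" { 127.0.0.1; 192.0.2.10; };
options {
        directory "/var/named";
        allow-recursion { trusted; };
};
EOF
}

demo_conf | audit_named_conf
```

On a real server, call it as audit_named_conf /etc/named.conf. It checks only the points this article covers, so run named-checkconf as well for a full syntax check.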



reviewed: 10/24/2016
