  #1 (permalink)  
Old 03-03-2008, 03:07 PM
Member
 
Join Date: Oct 2007
Posts: 30
Valor is on a distinguished road
Check /etc/named.conf for recursion restrictions

In CSF for WHM I am getting this error:

Code:
You have a local DNS server running but do not have any recursion restrictions  set in /etc/named.conf. This is a security and performance risk and you should  look at restricting recursive lookups to the local IP addresses only
But it does not specify how to fix the problem. I figured named.conf would be a config file but it looks more like a script. I couldn't figure out what to do. Could anyone help?
  #2 (permalink)  
Old 03-05-2008, 02:36 PM
Administrator
 
Join Date: Nov 2006
Posts: 572
Jordan will become famous soon enough

Take a look at your named.conf file. It should look like this:

Code:
include "/etc/rndc.key";

controls {
        inet 127.0.0.1 allow { localhost; } keys { "rndckey"; };
};

//
// named.conf for Red Hat caching-nameserver
//

options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
};
You need to add some lines to allow localhost recursion but nothing from the outside. If you disable this completely and run a DNS server this will cause the service to halt.

You need to add these lines:

Code:
allow-recursion { trusted; };
allow-notify { trusted; };
allow-transfer { trusted; };
forwarders { 127.0.0.1; };
in Options and

Code:
acl "trusted" {
127.0.0.1;
};
So it should look like this:

Code:
include "/etc/rndc.key";

controls {
        inet 127.0.0.1 allow { localhost; } keys { "rndckey"; };
};

//
// named.conf for Red Hat caching-nameserver
//

acl "trusted" {
127.0.0.1;
};

options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        allow-recursion { trusted; };
        allow-notify { trusted; };
        allow-transfer { trusted; };
        forwarders { 127.0.0.1; };
};
Restart bind.
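
An added example (not written by either poster, and not CSF's own code): a small Python audit, in the spirit of the warning quoted in post #1, that reads a named.conf and reports whether recursion is unset, disabled, or limited to a list such as the "trusted" ACL from post #2. The function names and the trimmed sample configs are constructed for illustration.

```python
import re

# Constructed samples: trimmed versions of the thread's "before" and "after" files.
BEFORE = 'options {\n    directory "/var/named";\n    // allow-recursion { any; };\n};\n'
AFTER = ('acl "trusted" {\n127.0.0.1;\n};\n'
         'options {\n    directory "/var/named";\n'
         '    allow-recursion { trusted; };\n    allow-transfer { trusted; };\n};\n')

def strip_comments(text):
    """Drop /* */, // and # comments. Assumes no quoted string contains // or #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def block_body(text, header_re):
    """Return the text between the braces that follow header_re, or None."""
    m = re.search(header_re + r"\s*\{", text)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(text) and depth:      # walk to the matching close brace
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[m.end():i - 1]

def elements(body):
    """Split an address-match list body into its elements."""
    return [e.strip().strip('"') for e in body.split(";") if e.strip()]

def recursion_policy(conf):
    """Return 'disabled', 'unset', or the expanded allow-recursion element list."""
    conf = strip_comments(conf)
    opts = block_body(conf, r"\boptions") or ""
    if re.search(r"\brecursion\s+no\s*;", opts):
        return "disabled"
    allowed = block_body(opts, r"\ballow-recursion")
    if allowed is None:
        return "unset"                  # nothing set in the file: the CSF warning case
    expanded = []
    for item in elements(allowed):      # replace user-defined ACL names by their members
        acl = block_body(conf, r'\bacl\s+"?' + re.escape(item) + r'"?')
        expanded += elements(acl) if acl is not None else [item]
    return sorted(expanded)

def is_restricted(conf):
    """True when recursion is off or allowed only to a list that excludes 'any'."""
    policy = recursion_policy(conf)
    return policy == "disabled" or (isinstance(policy, list) and "any" not in policy)

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER)):
        print(name, recursion_policy(conf), "restricted" if is_restricted(conf) else "NOT restricted")
```

To audit a live file, pass `open("/etc/named.conf").read()` to `recursion_policy`; running `named-checkconf` before restarting BIND catches syntax errors that this text-level check does not.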