nessus scan reveals vulnerability on port domain (53/tcp)
Kevin Darcy
kcd at daimlerchrysler.com
Mon Jan 29 23:59:13 UTC 2001
allow-recursion { localnets; };
allow-recursion { 10/8; };
You can, of course, associate names with arbitrary addresses, address ranges
and/or address prefixes. For instance, on some of my firewalls I have
allow-recursion { extranet; };
where "extranet" is an "acl" I define myself (as opposed to the built-in "acl"s
like "localnets").
By the way, you should upgrade to at least BIND 8.2.3 because of the security
vulnerability that was just fixed.
- Kevin
Rick Updegrove wrote:
> Hello, below is a nessus generated scan which suggests that I "Restrict
> recursive queries to the hosts that should use this nameserver (such as
> those of the LAN connected to it). If you are using bind 8, you can do this
> by using the instruction 'allow-recursion' in the 'options' section of your
> named.conf
>
> I tried at least 3 ways of adding that - all of which errored on restart.
> Does anyone have a working example? Thanks. <By the way I upgraded the
> version already to the recommended upgrade version>
>
> Vulnerability found on port domain (53/tcp)
>
> The remote BIND server, according to its
> version number, is vulnerable to the ZXFR
> bug that allows an attacker to disable it
> remotely.
>
> Solution : upgrade to bind 8.2.2-P7
> Risk factor : High
>
> [ back to the list of ports ]
> Warning found on port domain (53/tcp)
>
> The remote name server allows recursive queries to be performed
> by the host running nessusd.
>
> If this is your internal nameserver, then forget this warning.
>
> <This was a remote scan to my nameserver>
>
> If you are probing a remote nameserver, then it allows anyone
> to use it to resolve third parties names (such as www.nessus.org).
> This allows hackers to do cache poisoning attacks against this
> nameserver.
>
> Solution : Restrict recursive queries to the hosts that should
> use this nameserver (such as those of the LAN connected to it).
> If you are using bind 8, you can do this by using the instruction
> 'allow-recursion' in the 'options' section of your named.conf
>
> If you are using another name server, consult its documentation.
>
> Risk factor : Serious
>
> Information found on port domain (53/tcp)
>
> The remote bind version is : 8.2.2-P5
>
> < I did upgrade this >
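A complete named.conf fragment that puts Kevin's suggestion together, added here as an illustration rather than as configuration from Kevin or from the original post. The "extranet" acl and the 192.0.2.0/24 and 198.51.100.0/24 prefixes are constructed placeholders (documentation ranges); substitute the networks that should actually be allowed to use the server as a resolver. The common causes of "errored on restart" when adding this directive are a missing semicolon after the closing brace, placing the line outside the options block, and referencing an acl before it has been defined, so the acl is declared first:

```conf
// Constructed example named.conf (BIND 8/9 syntax), not from the original post.
// Define named address lists first; they must exist before options refers to them.
acl "extranet" {
    192.0.2.0/24;        // placeholder: partner network that may recurse through us
    198.51.100.0/24;     // placeholder: second allowed prefix
};

options {
    directory "/var/named";

    // Open-resolver setting: anyone on the Internet can recurse through this server
    // (this is what the Nessus warning above reports). Do not use on an exposed host:
    // allow-recursion { any; };

    // Restricted setting: only the built-in "localnets" list (networks of the
    // server's own interfaces) and the "extranet" acl defined above may recurse.
    // Each address-match element ends with ';', and so does the closing brace.
    allow-recursion { localnets; extranet; };
};

// Authoritative zones are still answered for everyone; allow-recursion only
// controls who may ask this server to resolve names it is not authoritative for.
zone "example.com" {
    type master;
    file "example.com.zone";   // placeholder zone file name
};
```

After editing, verify the syntax before restarting (BIND 9 ships named-checkconf for this; on BIND 8 watch the syslog output from named on startup). To confirm the restriction from an outside host, query the server for a name it is not authoritative for, e.g. `dig @your.nameserver www.example.org`: a correctly restricted server answers REFUSED or returns no answer section without the "ra" flag, while an open resolver returns the third party's records.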