I have csf running on a centos 6.5 box with webmin/virtualmin
server is running bind-9.8.2
when I run the server check test I get a warning that says:
You have a local DNS server running but do not appear to have any recursion restrictions set. This is a security and performance risk and you should look at restricting recursive lookups to the local IP addresses only
But testing dns appears to suggest that recursion is not available to external addresses
and according to this article:
kb-isc-org/article/AA-00269/0/What-has-changed-in-the-behavior-of-allow-recursion-and-allow-query-cache.html (not allowed to post links)
this is no longer a problem because default recursion policy was changed:
BIND's Default Policy for Recursion
In versions of BIND prior to (and including) BIND 9.4.1, the default behavior of BIND servers was to allow recursion for all clients (unless otherwise specified.)
Because open recursion has some undesirable side-effects (such as allowing a server to be exploited by attackers targeting a victim with DNS amplification attacks) the default behavior was changed in BIND 9.4.1-P1. Since 9.4.1-P1, unless an ACL is explicitly specified in the "allow-recursion" statement, the default access list is set to "localnets; localhost;" (in other words, the local server machine and those broadcast domains for which the server has a network interface configured at the time named is started.)
can anyone please confirm if the warning csf is defunct or not?
thanks very much
l.
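
The rule quoted from the ISC article, worked through as an added example (not part of the original post, and not how csf performs its check): given a named.conf and a BIND version, report the recursion policy that applies. The function names and the sample config are constructed for illustration; the sketch looks only at the `recursion` and `allow-recursion` statements in a single file and does not model views, includes or other ACL options.

```python
import re

# Per the ISC text quoted above: the default changed in BIND 9.4.1-P1.
DEFAULT_CHANGED_IN = (9, 4, 1, 1)

def parse_version(version):
    """'9.8.2' -> (9, 8, 2, 0); '9.4.1-P1' -> (9, 4, 1, 1)."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)(?:-P(\d+))?", version)
    if not m:
        raise ValueError("unrecognised BIND version: %r" % version)
    return tuple(int(g or 0) for g in m.groups())

def strip_comments(conf):
    """Remove /* */, // and # comments so commented-out ACLs are ignored."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)

def effective_recursion(conf, version):
    """Return 'disabled', 'open' or 'restricted: <acl>' (hypothetical helper)."""
    conf = strip_comments(conf)
    switch = re.search(r"\brecursion\s+(yes|no)\s*;", conf)
    if switch and switch.group(1) == "no":
        return "disabled"
    acl = re.search(r"\ballow-recursion\s*\{([^}]*)\}", conf)
    if acl:
        entries = [e.strip() for e in acl.group(1).split(";") if e.strip()]
        if "any" in entries:
            return "open"
        return "restricted: " + "; ".join(entries)
    # No explicit ACL: the answer depends on which default this version uses.
    if parse_version(version) >= DEFAULT_CHANGED_IN:
        return "restricted: localnets; localhost"
    return "open"

# Constructed sample: no active allow-recursion statement.
SAMPLE_CONF = """
options {
    listen-on port 53 { any; };
    directory "/var/named";
    // allow-recursion { any; };
};
"""

if __name__ == "__main__":
    for ver in ("9.4.1", "9.4.1-P1", "9.8.2"):
        print(ver, "->", effective_recursion(SAMPLE_CONF, ver))
```

An external test with `dig @<server> <some outside name>` from a host that is not on the server's local networks remains the direct confirmation of what the running named actually does.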