Solved

Open Recursive Resolver - CentOS 5

Posted on 2014-04-01
Last Modified: 2014-08-13
Hi,

I hope someone can help?

I have been left with a Linux server that is hosted externally and has been exploited. The hosting company have notified me that this server has been powered off due to its condition and the fact that it violates their 'abuse policy'.

I have included, below, the reason for the issue that has caused the power off. I am not very well versed in Linux (in fact my level of knowledge is very basic).

I have been told that I need to rectify the problem and will be given a 30 minute window to resolve the issue. If it is resolved successfully then the server will be left powered on. If not it will be turned off again.

I have the ability to ssh onto the server as 'root' but what I need to know is really how I can switch off the 'recursive resolver' or how I can limit it so that it doesn't perform global requests etc.

The server is hosting a basic (static) website that needs to be back up and running as soon as possible.

I am not sure what the server is using for DNS - probably BIND (only because it used to be the 'de facto' DNS service on Linux) but will not know that until I get them to switch the server on.

Please could someone advise me as to what I need to do to locate and fix the issue.

The operating System installed on the server is CentOS 5

The hosting company will not offer any technical support and the person who set up and previously maintained the server is no longer around.

Info from the hosting company abuse report:
You appear to be running an open recursive resolver at IP address *.*.*.* that participated in an attack against a customer of ours today, generating large UDP responses to spoofed queries, with those responses fragmented on the wire.

Please consider reconfiguring your resolver in one or more of these ways:

- To only serve your customers and not respond to outside IP addresses (to not be an open resolver)
- To only serve domains that it is authoritative for (to not work as a recursive resolver)
- To rate-limit responses to individual source IP addresses (DNS Response Rate Limiting, or DNS RRL)

Thanks!
Question by:RoboTiger
LVL 62

Expert Comment

by:gheist
ID: 39969921
allow-recursion {127.0.0.1;};

Author Comment

by:RoboTiger
ID: 39970028
Thank you for your response gheist.

As I said I am a novice to Linux and really wouldn't know where or how to make this change.

Is it something I can just enter from the command line as root, if so does it update any previous settings for 'recursive?'
LVL 62

Accepted Solution

by:
gheist earned 500 total points
ID: 39970207
You have to change file /etc/named.conf
# nano -w /etc/named.conf

inside options { HERE }

you need to restrict recursive access like before

i.e
allow-recursion {127.0.0.1;X.Y.Z.0/24;};

Watch the semicolons (X.Y.Z would be placeholder if your office PCs use this DNS server)

then run
# named-checkconf -z

Once that says your configuration is OK

# service named restart


now check from other system (home PC is good)

nslookup www.google.co.nz ip_of_your_dns

any result is bad
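The outside check described in the answer above can be made less ambiguous by reading the response header instead of just looking for "any result". The following is an added example, not part of the original answer: the function names, the SERVER_IP argument and the three sample responses are constructed for illustration, and the classifier only reads the status and flags lines that dig prints.

```shell
#!/bin/sh
# classify_dig: read `dig` output on stdin and report how the server
# treated a recursive query sent from an outside address.
#   OPEN         - "ra" flag set: recursion is offered to this client
#   REFUSED      - the server refused the query outright
#   NO_RECURSION - no "ra" flag; the reply may still carry a referral
#   UNKNOWN      - no DNS header found (timeout, no reply)
classify_dig() {
    awk '
        /->>HEADER<<-/ {
            sub(/.*status: /, ""); sub(/,.*/, ""); status = $0
        }
        /^;; flags:/ {
            flags = $0
            sub(/^;; flags: */, "", flags); sub(/;.*/, "", flags)
            ra = (" " flags " ") ~ / ra /
        }
        END {
            if (status == "")             print "UNKNOWN"
            else if (status == "REFUSED") print "REFUSED"
            else if (ra)                  print "OPEN"
            else                          print "NO_RECURSION"
        }'
}

# Live use from a machine outside the server's network:
#   check_resolver SERVER_IP
check_resolver() {
    dig @"$1" www.google.co.nz A +time=3 +tries=1 | classify_dig
}

# Constructed sample responses (header lines only), for offline use.
SAMPLE_OPEN=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0'

SAMPLE_REFUSED=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4243
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0'

SAMPLE_REFERRAL=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4244
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0'
```

OPEN means the allow-recursion change has not taken effect for outside clients; REFUSED or NO_RECURSION is the expected result after the restart.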
 

Author Comment

by:RoboTiger
ID: 39970473
Thank you for this...

I will try this in the next few days and get back.

Thanks again :)
LVL 62

Expert Comment

by:gheist
ID: 39970501
You can ask reporter saying you are not familiar with this server, that you think you fixed, if they can check if you did...