Check your server for openDNS relay (DNS recursion)

You can check your dedicated/vps server for open dns relay by following below methods. It tells you if your server allows dns recursion or not. Follow these steps:

Login to your server via ssh with root login details

Execute following commands:

dig @yourServerIP google.com

if it returns ANSWER:0 that means there is no recursion allowed on the server. Otherwise recursion is allowed on the server.

I.E:

;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 37803
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

Above output shows NO RECURSION (ANSWER: 0)

How to disable DNS recursion on kloxo

Here is the quick code to disable DNS recursion on kloxo based server:

Login to SSH with root credential

Find the “named” configuration file:

# locate named.conf

For chrooted system:

Output : /var/named/chroot/etc/named.conf

Edit the file named.conf

# nano /var/named/chroot/etc/named.conf

In updated Kloxo following is the options file:

# nano /var/named/chroot/etc/global.options.named.conf

Add following code at the end of named.conf file and save changes by CTRL+O:

options {allow-recursion {127.0.0.1; };};

Exit from text editor (For nano)

CTRL+X

Restart named services:

service named restart

That is all : )

EasyApache Error -Timeout on connect..Can’t use an undefined value as an ARRAY reference at /usr/local/cpanel/Cpanel/HttpRequest.pm line 550.

Recently i had following error while re-compiling apache server from cPanel/WHM. I googled the issue and found some good solutions however i did it by my own way, I just followed the following below steps:

  • Login to SSH by root details.
  • open the file /etc/hosts by:
  • $ nano /etc/hosts
  • Change the contents of that file as follow:

::1                        localhost.localdomain localhost
127.0.0.1                        localhost.localdomain localhost
IPaddress of your server                  server.yourdomain.com server

and you ‘re done, now your hosts file seems to be configured correctly.

Update fails or server cannot connect to repositories

Hello,

Three days ago one of my client’s server ran into an issue, the server has opensuse operating system with Yast installed and webmin as hosting control panel.

The issue was, it could not able to connect to any repositories for update or to install any package either from the yast panel. I have searched alot on google and on opensuse forum but was not able to find any proper solution.

I got it solved by doing following on the server:

I came to know that the server’s reverse DNS entries are wrong and do not point to any physical server. So i changed them to openDNS resolver by following method:

Login to SSH with root details.

Open resolver file by:

nano /etc/resolv.conf

and insert the following IPs for nameservers:

nameserver 208.67.222.222
nameserver 208.67.220.220

Save the file by pressing CTRL + O and exit to the nano editor by CTRL + X

 

And you’re done, now your server can update their repositories.

How to secure DNS server

In this quick tutorial i will discuss how to secure your DNS server (Bind9), by applying the following techniques you will be able to increase your DNS server’s security from the recursion lookups.

  • First of all you should know your two ip addresses of DNS server’s, to do so just open the file/etc/nameserverips there you will get two DNS ips.

# tail /etc/nameserverips

  • Now you would need to open /etc/named.conf

# nano /etc/named.conf

  • Look up for the line :

options {

  • Add the following lines above that:

acl “trusted” {
x.x.x.x;
y.y.y.y;
};

  • Where x.x.x.x and y.y.y.y are your DNS server’s ips.
  • Now look for the line:
  • // query-source address * port 53;
  • Below it , insert the following line :

version “Bind”;
allow-recursion { trusted; };
allow-notify { trusted; };
allow-transfer { trusted; }; Read More