• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Resolved Slave DNS Manager Extension security

Branko

Branko

Basic Pleskian
Hello,

I have installed Slave DNS Manager Extension and set it up successfully. Everything is working great.
But, there is only one thing that bothers me.
When I run DNS test on mxtoolbox.com it warns "Open Zone Transfer Detected" for Slave Server.

I followed the exact instructions that are given in the extension and Plesk documentation. And I did not add anything else to /etc/bind/named.conf.options besides what was given by extension instructions.

Should I ignore that mxtoolbox.com warning? Is Slave Server protected from third-party zone transfer?
Or I should add some more lines to /etc/bind/named.conf.options for security?

This is the content of my /etc/bind/named.conf.options:

options {
directory "/var/cache/bind";

dnssec-validation auto;

auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
allow-new-zones yes;
};

key "rndc-key-(My Master Server IP)" {
algorithm hmac-md5;
secret "(my-secret-key)";
};

controls {
inet * port 953 allow { (My Master Server IP); 127.0.0.1; } keys { "rndc-key-(My Master Server IP)"; };
};


Thank you in advance.
 
I have checked in the same environment.

The Slave DNS Manager suggest minimal required configuration changes.
Bind server with default settings on Ubuntu allows zone transfer, it is true. If you want disable it, put next code into "options" section of "/etc/bind/named.conf.options" and restart bind server ("systemctl restart bind9.service")
Code: 
allow-transfer { "none"; };
 
You must log in or register to reply here.

Similar threads

Dmytro
Issue Slave dns do not work on some servers
Replies
2
Views
480
Dmytro
Dmytro
B
Issue Slave DNS servers not updating zone from target server after migrating domain from source server.
Replies
3
Views
745
BigBlock
B
webdig
Question Multiple servers in same nameserver
Replies
4
Views
1K
Tobias Sorensson
T
N
Question Two Plesk Obsidian Linux Servers Master and Slave DNS
Replies
2
Views
893
Geisti
G
C
Issue Slave DNS Manager
Replies
1
Views
583
AYamshanov
AYamshanov
Back
Top