MRatWork Forum by Mustafa Ramadhan

Sawo Project - Kloxo-MR Discussions => Kloxo-MR Technical Helps => Topic started by: WISTFUL on 2013-02-18, 23:15:57

Title: Nameserver software version issue
Post by: WISTFUL on 2013-02-18, 23:15:57

When I try DNS Report on http://www.dnsstuff.com (http://www.dnsstuff.com), I get WARN about "Nameserver software version"

Quote from: "http://www.dnsstuff.com"

One or more nameservers responded to version queries. This can be considered a breach of security. If a malicious person or program had access to a version-specific exploit for your DNS server, displaying the version info openly will make their attack much easier. This should be removed or obscured. The nameservers that responded to version queries are:

xxx.xxx.xxx.xxx responded with "9.9.2-P1-RedHat-9.9.2-2.P1.el6"

(On official kloxo display "LxCenter-1.0" instead "9.9.2-P1-RedHat-9.9.2-2.P1.el6")

Title: Re: Nameserver software version issue
Post by: WISTFUL on 2013-02-18, 23:49:30

These tips will help solve the issue?

How to fix Kloxo Recursive DNS issue (http://arafath.com/blog/how-to-fix-kloxo-recursive-dns-issue/)

Title: Re: Nameserver software version issue
Post by: Spacedust on 2013-02-19, 00:15:26

Quote from: "WISTFUL"

These tips will help solve the issue?

How to fix Kloxo Recursive DNS issue (http://arafath.com/blog/how-to-fix-kloxo-recursive-dns-issue/)

Use djbdns instead it's faster and more secure.

Title: Re: Nameserver software version issue
Post by: MRatWork on 2013-02-19, 00:16:10

It's the same trick in my servers but this features not ready on current Kloxo-MR.

In next release, I want remove djbdns and change too powerdns. Other features are Kloxo-MR as secondary dns server dan options for recursive.

Title: Re: Nameserver software version issue
Post by: MRatWork on 2013-02-19, 00:17:45

Powerdns more faster, less memory usage dan not need reload for add/delete/mod domains.

Title: Re: Nameserver software version issue
Post by: Spacedust on 2013-02-19, 00:22:21

I have already secondary DNS Server using Kloxo-MR on slave too ;)

Title: Re: Nameserver software version issue
Post by: MRatWork on 2013-02-19, 00:27:40

I mean have an option as 'As secondary dns' so it's make Kloxo-MR able as secondary dns for other servers (using Kloxo-MR or other panels).

Title: Re: Nameserver software version issue
Post by: Spacedust on 2013-02-19, 00:32:00

Quote from: "MRatWork"

I mean have an option as 'As secondary dns' so it's make Kloxo-MR able as secondary dns for other servers (using Kloxo-MR or other panels).

That's something new ;)

Title: Re: Nameserver software version issue
Post by: MRatWork on 2013-02-19, 00:38:20

Quote from: "Spacedust"

Quote from: "MRatWork"

I mean have an option as 'As secondary dns' so it's make Kloxo-MR able as secondary dns for other servers (using Kloxo-MR or other panels).

That's something new ;)

Yes, maybe you can offer 'secondary dns' as free or payed service.

Title: Re: Nameserver software version issue
Post by: WISTFUL on 2013-02-19, 11:58:28

Quote from: "Spacedust"

Use djbdns instead it's faster and more secure.

I do it but djbdns stopped on my services.

I try follow but do not affect:

Code: [Select]

# sh /script/fixweb
# service nginx restart
# reboot

Title: Re: Nameserver software version issue
Post by: MRatWork on 2013-02-19, 13:43:01

Quote from: "WISTFUL"

Quote from: "Spacedust"

Use djbdns instead it's faster and more secure.

I do it but djbdns stopped on my services.

I try follow but do not affect:

Code: [Select]

# sh /script/fixweb
# service nginx restart
# reboot

If your problem is dns server (djbdns), restart web server will not impact.

Because djbdns issue, change to bind/named for dns server.

Title: Re: Nameserver software version issue
Post by: WISTFUL on 2013-02-19, 13:47:37

What do you suggest?

Title: Re: Nameserver software version issue
Post by: WISTFUL on 2013-02-19, 14:26:30

Quote from: "MRatWork"

Sorry for djbdns. I will change this djbdns to powerdns. On your issue, change djbdns to bind/named via 'switch applications'

Title: Re: Nameserver software version issue
Post by: WISTFUL on 2013-02-20, 23:24:54

When I add below lines on named.conf according this instruction (http://arafath.com/blog/how-to-fix-kloxo-recursive-dns-issue), It appears that recursive dns issue is solved but after server reboot bind stops!

Code: [Select]

options
{
  version "CHISPUM";
  allow-recursion {
127.0.0.1;
xxx.xxx.xxx.xxx
xxx.xxx.xxx.xxx
  };
};

Title: Re: Nameserver software version issue
Post by: MRatWork on 2013-02-21, 00:08:35

What's about:

Code: [Select]

options
{
  version "CHISPUM";
  allow-recursion {
   127.0.0.1;
   xxx.xxx.xxx.xxx;
   xxx.xxx.xxx.xxx;
  };
};


Title: Re: Nameserver software version issue
Post by: WISTFUL on 2013-02-21, 00:50:40

Did not help...

Title: Re: Nameserver software version issue
Post by: WISTFUL on 2013-02-21, 00:57:18

After that, bind did not start (even before reboot and try belows:)

Code: [Select]

#sh /script/fixdns
#sh /script/fixweb

Title: Re: Nameserver software version issue
Post by: MRatWork on 2013-02-21, 01:03:26

After modified conf file need restart service.

Simple restart, run 'sh /script/restart-services'.

Title: Re: Nameserver software version issue
Post by: WISTFUL on 2013-02-21, 01:13:21

Did not work...
# sh /script/restart-services

Code: [Select]

Stopping named:                                            [  OK  ]
Starting named:
Error in named configuration:
/etc/named.conf:13: 'options' redefined near 'options'
                                                           [FAILED]
/script/restart-services: line 7: /etc/init.d/djbdns: No such file or directory
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Stopping nginx:.                                           [  OK  ]
Starting nginx:                                            [  OK  ]
/script/restart-services: line 7: /etc/init.d/lighttpd: No such file or directory
Stopping php-fpm:                                          [  OK  ]
Wait 2 seconds...
Starting php-fpm:                                          [  OK  ]
Restarting qmail:
* Stopping qmail-smtpd.
* Sending qmail-send SIGTERM and restarting.
* Restarting qmail-smtpd.
Stopping xinetd:                                           [  OK  ]
Starting xinetd:                                           [  OK  ]Starting named:
Error in named configuration:
/etc/named.conf:13: 'options' redefined near 'options' [FAILED]

Title: Re: Nameserver software version issue
Post by: MRatWork on 2013-02-21, 01:25:03

I think it's clear -> ' 'options' redefined near 'options' '

Title: Re: Nameserver software version issue
Post by: WISTFUL on 2013-02-21, 01:30:45

Quote from: "MRatWork"

I think it's clear -> ' 'options' redefined near 'options' '

What is your proposed solution?