Check for DNS recursion restrictions in Virtualmin

WARNING
You have a local DNS server running but do not appear to have any recursion restrictions set. This is a security and performance risk and you should look at restricting recursive lookups to the local IP addresses only

edit named.conf file

nano /etc/named.conf

add below commands to /etc/named.conf

include "/etc/rndc.key";
controls {
inet 127.0.0.1 allow { localhost;} keys {"rndc-key";};};

acl "trusted"{127.0.0.1;};

and

allow-recursion { trusted;};
allow-notify { trusted;};
allow-transfer { trusted;};
forwarders {127.0.0.1;};

so your virtualmin(webmin verison 1.590) named.conf should looks like this:

//// named.conf//// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS// server as a caching only nameserver (as a localhost DNS resolver only).//// See /usr/share/doc/bind*/sample/ for example named configuration files.//

include "/etc/rndc.key";
controls {
inet 127.0.0.1 allow { localhost;} keys {"rndc-key";};};

acl "trusted"{127.0.0.1;};

options {
        listen-on port 53{
                any;};
        listen-on-v6 port 53{
                any;};
        directory       "/var/named";dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursion yes;

allow-recursion { trusted;};
allow-notify { trusted;};
allow-transfer { trusted;};
forwarders {127.0.0.1;};

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;/* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";};

Restart BIND DNS Server

service named restart
  • 33 Users Found This Useful
Was this answer helpful?

Related Articles

How long does it take for DNS changes to propagate?

This depends on your TTL (time to live) setting in your DNS record.This setting varies by...

What does serial / refresh / retry / expire / minimum / and TTL mean?

Caching and time to liveBecause of the huge volume of requests generated by a system like the...

DNS Overview - Resource Records

A record Section:Most records will be A records. This allows the greatest versatility in pointing...

What factors affect DNS propagation time

When you update the DNS (Domain Name System) records in your domain name’s zone file, it can...

Wildcard DNS Entry + Wildcard Server Alias (Such as for WordPress MultiSite)

WordPress support documents state that you are required to add a wildcard entry for Apache in...