Patching the KLOXO DNS resolution vulnerability

A warning from Linode about a DNS resolution vulnerability on the server:

Hello, It has come to our attention that your Linode is running an open resolver. This is a concern for us because this configuration means your Linode could easily be used in a DNS amplification attack.

We kindly ask that you investigate this matter and take appropriate action. If you are running a resolver as part of your networking configuration, you'll likely want to adjust it so that only internal requests are accepted. Please update us as soon as possible! If you have any questions or concerns, please let us know. ...

If you run Kloxo on Linode, you probably have the same problem. Here is how to fix it:

This fix applies to the following environment:

  • LINODE CENTOS 5.x
  • KLOXO 6.1.12

How to fix: log in over FTP and locate these two files in the /var/named/chroot/etc directory: global.options.named.conf and named.conf

Step 1: make sure global.options.named.conf has the following content:

acl "lxcenter" {
 localhost;
};

options {
 max-transfer-time-in 60;
 transfer-format many-answers;
 transfers-in 60;
 auth-nxdomain yes;
 allow-transfer { "lxcenter"; };
 allow-recursion { "lxcenter"; };
 recursion no;
 version "LxCenter-1.0";
};

Step 2: append the following to the end of named.conf:

options {
 version "CHISPUM";
 // only these addresses may make recursive queries
 allow-recursion {
  127.0.0.1;
  YOURIP;
 };
};

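Replace YOURIP above with your server's IP address. If the server has several IPs, put each on its own line, terminated with a semicolon.

Save the files and upload them to the same directory, overwriting the originals.

Step 3: reboot the server, then submit a ticket in Linode support asking their technicians to re-check and confirm that the vulnerability is fixed.

Done.

Reference: http://arafath.com/blog/how-to-fix-kloxo-recursive-dns-issue/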
