An open resolver is a DNS server that answers recursive queries for arbitrary domains from any IP address. An open resolver can be used in a reflection DDoS. Only subnets controlled by the organization should be allowed to make recursive queries against a DNS server.
The problem is that bind comes from Red Hat, which has locked the 5.x version to the older bind 9.3. There is a way to get over to bind 9.7, but it is a bit beyond our scope of support. Once you get over to bind 9.7, cPanel will work with it just fine, but you have to move it over. Alternatively, you could just move to CentOS 6.
root@server1 [~]# cp -prf /var/named/ /var/named.bak
root@server1 [~]# /scripts/update_local_rpm_versions --edit target_settings.named uninstalled
root@server1 [~]# /scripts/update_local_rpm_versions --edit target_settings.bind uninstalled
root@server1 [~]# rpm -e bind bind-utils bind-devel bind-libs caching-nameserver
At this point bind has been removed, and you need to install the new version.
root@server1 [~]# yum -y install bind97 bind97-libs bind97-utils bind97-devel
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
 * base: mirror.steadfast.net
 * epel: mirror.symnds.com
 * extras: mirror.raystedman.net
 * updates: centos.aol.com
Excluding Packages in global exclude list
Finished
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package bind97.i386 32:9.7.0-17.P2.el5_9.1 set to be updated
---> Package bind97-devel.i386 32:9.7.0-17.P2.el5_9.1 set to be updated
---> Package bind97-libs.i386 32:9.7.0-17.P2.el5_9.1 set to be updated
---> Package bind97-utils.i386 32:9.7.0-17.P2.el5_9.1 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
=======================================================================
 Package         Arch    Version                    Repository    Size
=======================================================================
Installing:
 bind97          i386    32:9.7.0-17.P2.el5_9.1     updates      3.5 M
 bind97-devel    i386    32:9.7.0-17.P2.el5_9.1     updates      326 k
 bind97-libs     i386    32:9.7.0-17.P2.el5_9.1     updates      885 k
 bind97-utils    i386    32:9.7.0-17.P2.el5_9.1     updates      188 k
Transaction Summary
=======================================================================
Install       4 Package(s)
Upgrade       0 Package(s)
Total download size: 4.8 M
Downloading Packages:
(1/4): bind97-utils-9.7.0-17.P2.el5_9.1.i386.rpm | 188 kB 00:00
(2/4): bind97-devel-9.7.0-17.P2.el5_9.1.i386.rpm | 326 kB 00:01
(3/4): bind97-libs-9.7.0-17.P2.el5_9.1.i386.rpm | 885 kB 00:02
(4/4): bind97-9.7.0-17.P2.el5_9.1.i386.rpm | 3.5 MB 00:04
-----------------------------------------------------------------------
Total 567 kB/s | 4.8 MB 00:08
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : bind97-libs 1/4
  Installing : bind97 2/4
  Installing : bind97-devel 3/4
  Installing : bind97-utils 4/4
Installed:
  bind97.i386 32:9.7.0-17.P2.el5_9.1
  bind97-devel.i386 32:9.7.0-17.P2.el5_9.1
  bind97-libs.i386 32:9.7.0-17.P2.el5_9.1
  bind97-utils.i386 32:9.7.0-17.P2.el5_9.1
Complete!
This gets you over to the new version. You now need to cd into /var/named to make sure your zone files are there. If they are, you are not far from finishing your update. If they are missing, copy them over from the backup you made at the start. They shouldn't get moved, but it is worth checking before you go crazy looking for them. Restart named, and you can check whether your update worked with the status command.
root@server1 [~]# /etc/init.d/named status
version: 9.7.0-P2-RedHat-9.7.0-17.P2.el5_9.1
number of zones: 40
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/1000
tcp clients: 0/100
server is up and running
That is it,