A very common PCI issue relates to DNS servers. To be PCI compliant you must close off the possibility of DNS poisoning (a process in which the DNS data may be modified by an outside source, resulting in false lookups or hijacked pages).

We recommend disabling recursive DNS lookups for untrusted clients: this not only fixes the DNS poisoning issue but also speeds up your DNS processing, because the server handles only genuine INTERNAL requests instead of acting as an open resolver for everyone.

Here’s all you have to do (cPanel servers):

Edit the /etc/named.conf file.

After the “controls” section, add the following:

// Use straight ASCII quotes: named rejects typographic quotes.
acl "trusted" {
    127.0.0.1;
    YOUR-IP-1;   // replace with each IP address assigned to this server
    YOUR-IP-2;   // and with the other servers of your DNS cluster
};

options {
    directory "/var/named";
    version "not currently available";
    allow-recursion { trusted; };   // recursive lookups only for the ACL above
    allow-notify { trusted; };
    allow-transfer { trusted; };    // zone transfers only for the ACL above
    dump-file "data/cache_dump.db";
    statistics-file "data/named_stats.txt";
    memstatistics-file "data/named_mem_stats.txt";
};

Remove the other “options” section from your named.conf file, so that only one remains.

Add all the IP numbers on the server that you want to allow access. These are not only the IP numbers assigned to the machine: if you are running DNS in cluster mode you will also want to add the other servers to that list.

Save the file and restart the named service (service named restart) and you should be good to go.
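Two checks worth running after this edit, as an added example that is not code from the original post, from cPanel or from ISC BIND: a static read of the named.conf text that confirms allow-recursion is limited to an ACL (and catches the typographic-quote paste error that the listing above is prone to), plus the live query an auditor would send from an address outside the trusted ACL. It assumes a POSIX sh with sed, tr and grep; the three sample configurations are constructed for the demonstration, and the /* */ comment form is not handled.

```shell
#!/bin/sh
# Added example (not from the original post, cPanel or ISC BIND).
# Assumes POSIX sh with sed, tr and grep. All sample configs are constructed.

# Drop BIND comments (// ... and # ...) so a commented-out directive is ignored.
strip_comments() {
    sed -e 's://.*$::' -e 's/#.*$//'
}

# Print the body of the allow-recursion block with whitespace removed,
# e.g. "trusted;" or "any;"; prints nothing when the directive is absent.
allow_recursion_value() {
    printf '%s\n' "$1" | strip_comments | tr '\n' ' ' |
        sed -n 's/.*allow-recursion[[:space:]]*{\([^}]*\)}.*/\1/p' |
        tr -d '[:space:]'
}

# True (0) when recursion is limited to an ACL. An absent directive is also
# reported as a failure: the point of the edit is an explicit restriction,
# whatever the default of the installed BIND version happens to be.
recursion_restricted() {
    case "$(allow_recursion_value "$1")" in
        ''|'any;'|'0.0.0.0/0;'|'0/0;') return 1 ;;
        *) return 0 ;;
    esac
}

# True (0) when the text contains typographic quotes, which named rejects.
has_curly_quotes() {
    printf '%s\n' "$1" |
        grep -q -e "$(printf '\342\200\234')" -e "$(printf '\342\200\235')"
}

# Live check, run with dig from a host that is NOT in the trusted ACL:
# a correctly restricted server answers a recursive query for a zone it
# does not host with status REFUSED. Not executed by the self-test.
live_recursion_check() {
    dig @"$1" example.com A +recurse +time=3 +tries=1 | grep -q 'status: REFUSED'
}

# Constructed sample: the post's options block, with straight quotes.
GOOD_CONF=$(cat <<'EOF'
acl "trusted" { 127.0.0.1; 192.0.2.10; };
options {
    directory "/var/named";
    // allow-recursion { any; };   commented out, must be ignored
    allow-recursion { trusted; };
    allow-transfer { trusted; };
};
EOF
)

# Constructed sample: the open-resolver options block the post says to remove.
OPEN_CONF=$(cat <<'EOF'
options {
    directory "/var/named";
    allow-recursion { any; };
};
EOF
)

# Constructed sample: right directive, but pasted with typographic quotes.
BAD_QUOTES=$(cat <<'EOF'
options { directory “/var/named”; allow-recursion { trusted; }; };
EOF
)

# Print a one-line verdict per sample.
report() {
    if recursion_restricted "$2"; then
        echo "$1: recursion restricted to { $(allow_recursion_value "$2") }"
    else
        echo "$1: OPEN RESOLVER (allow-recursion missing or unrestricted)"
    fi
    if has_curly_quotes "$2"; then
        echo "$1: typographic quotes found, named will not parse this file"
    fi
    return 0
}

report good   "$GOOD_CONF"
report open   "$OPEN_CONF"
report quotes "$BAD_QUOTES"
```

Before the restart, `named-checkconf /etc/named.conf` will also reject the typographic quotes or a duplicate options block. Note that restricting recursion does not stop the server answering for the zones it hosts: outside clients still get authoritative answers for your own domains, they just cannot use the server to look up everything else.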
