Recursive DNS Server Detection

Medium Nessus Network Monitor Plugin ID 3703

Synopsis

The remote name server allows recursive queries to be performed.

Description

It is possible to query the remote nameserver for third-party names, i.e. names it is not authoritative for. If this is your internal nameserver, then disregard this warning. If the host answers these recursive queries over UDP, it can be abused as a reflector to 'bounce' denial-of-service traffic against another network or system, because the spoofed source of the query receives the (typically larger) response.

Solution

Restrict recursive queries to the hosts that should use this nameserver (such as those on the LAN connected to it). If you are using BIND 8, you can do this with the 'allow-recursion' directive in the 'options' section of your named.conf. If you are using BIND 9, you can define a grouping of internal addresses using the 'acl' statement and then, within the options block, explicitly state 'allow-recursion { hosts_defined_in_acl; }'. If you are using another name server, consult its documentation.
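The BIND 9 configuration described above, shown as an added example that is not part of this plugin page: the open-resolver setting is commented out beside the restricted form. The acl name 'internal', the address ranges and the directory path are assumptions; replace them with the networks that actually use this resolver.

```conf
// Open-resolver configuration (the condition this plugin reports):
// recursion is enabled and nothing restricts which sources may recurse.
//
// options {
//     recursion yes;
// };

// Restricted configuration. The ranges below are constructed example values.
acl "internal" {
    127.0.0.1;          // the server itself
    10.0.0.0/8;         // example internal range (assumption)
    192.168.0.0/16;     // example internal range (assumption)
};

options {
    directory "/var/cache/bind";        // distribution-specific path (assumption)
    recursion yes;                      // recursion stays on, but only for ...
    allow-recursion { internal; };      // ... sources matching the acl above
    allow-query-cache { internal; };    // keep cached answers from leaking to outsiders too
    allow-query { any; };               // authoritative answers for local zones remain public
};
```

After reloading, a query for a third-party name from an address outside the acl should be answered REFUSED, while the same query from an internal address is resolved normally.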

See Also

http://technet.microsoft.com/en-us/library/cc787602%28WS.10%29.aspx

http://www.cert.org/advisories/CA-1997-22.html

Plugin Details

Severity: Medium

ID: 3703

File Name: 3703.prm

Family: DNS Servers

Published: 2006/08/09

Modified: 2016/02/05

Nessus ID: 10539

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:U/RL:U/RC:C

CVSSv3

Base Score: 5.3

Temporal Score: 4.8

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS3#E:U/RL:U/RC:C

Reference Information

CVE: CVE-1999-0024

BID: 136, 678