DNS Cache Poisoning - Hostgator at risk?

[tpn87]

Been reading lately about dns cache poisoning http://www.threadwatch.org/node/6164 and how site's search engine listings are being hijacked because of open DNS servers.

I did a quick check on one of my hostgator hosted sites and it shows that the HG nameservers are indeed open. http://www.dnsreport.com/tools/dnsre...lernichols.com

I am a little concered about this. Can someone from support shed some light on this?

thanks
tyler

[DaveW]

Concerned as well. At Risk? Anyone?

[Stef]

It didn't used to be configured like this. I will try to find out and post an update.

Stef.

[newhall]

Thanks Stef, we all would be grateful if the DNS settings could be updated.

Best,
Chris

[Stef]

Recursive seems to be the default cPanel setting (dnsreport just didn't report this before), but this shouldn't cause any security issues. HG is waiting for cPanel to update this.

Stef.

[vtrain]

Quote:

Originally Posted by Stef

It didn't used to be configured like this. I will try to find out and post an update.

Stef.

Long time that they are like this. Some where around May 2005 I had a problem with the DNS servers of my ISP... and changed /etc/resolve to add the IP of my site to it. Since then I have been using the site for DNS queries and it's much faster then the DNS server from my ISP

Vt

[Kimbot]

Hi Forum

I hear that recursive DNS IS a big fat security issue.

On dnsstuff.com / dnsreport I noted that my server shows as recursive DNS.

And further research indicated that this is indeed a bad thing.

Previous threads here state that "hostgatore is monitoring these servers constantly for any form of dos or ddos attack".

Me not so sure I want a non secure system and rely on somebody else to monitor it so I monitor it 24 / 7 myself - which is a hassle.

You can have a service company "harden" your server and they can and WILL deal with this issue - info from previous thread I read - see http://www.configserver.com/

Also, if you run the dnsreport from dnsstuff.com there is a link in the error message about recursive servers, the link goes to some info about how to quite simply change a file in apache / bind to stop this.

Any further comments on this issue?

Cheers folks!

[GatorShashank]

The Open dns servers were fixed on most of our servers. It was somehow got removed from some servers due to some updates. If you see this error in your dnsreport, please email to support@hostgator.com and we will have it patched again for your server.

[theunicorn]

I reported this back in March via the ticket system and was told that HG was aware of this and that it would not cause any issues. So Impala will need to be fixed as well.

[esl]

I had this fixed a while ago without a problem.

[gtgeorge]

Quote:

Originally Posted by GatorShashank

The Open dns servers were fixed on most of our servers. It was somehow got removed from some servers due to some updates. If you see this error in your dnsreport, please email to support@hostgator.com and we will have it patched again for your server.

Reported GMC

UPDATE: fixed

[tomowa]

Reported Volvo....


Was fixed within 20 minutes of my email to support.
Thanks guys

This is resolved now on volvo as well. It's a simple and quick fix, but some servers may have had it removed on a Cpanel update, as Shashank mentioned. Any others, please just email us. We apply some other security and configuration tweaks to help with other issues not reported as well, which Cpanel updates sometimes rip out. Thanks for being vigilant and letting us know if you notice any reports of this problem on a server.

[tpn87]

reported camarro which is open.

[GatorDaveC]

I have turned off recursive DNS look-ups with will turn off the Open DNS security issue. CPanel may remove the option, but for now it is on.

[Kimbot]

Thanks Forum and Thanks Support.

I have sent email to support regarding my dedicated server which has open DNS issues.

Cheers and Thanks!

[Kimbot]

Update: Fixed.

Reported it: Sent ticket:

Got answer from ticket in under one hour.

DNS aparant recursion was stopped within the next 30 minutes.

Confirm email from support arrived 5 minutes after that.

About 1.5 hours from ticket to answer to fixed.

Pretty good support in my books.

[Serra]

Quote:

Originally Posted by Kimbot

Pretty good support in my books.

You know the saying YMMV, well I asked for the same thing and they knocked out my mail server for 9 hours. It took 4 ticket entries, 2 calm phone calls and 1 extreemly upset call at 12:30am last night to finally get it fixed.

Needless to say, I'm not extreemly happy with support today. It took them a grand total of 10 minutes to fix the problem after I threatened to come down there and strangle them all myself.

[NetSimplicite]

Just had is fixed on Puma.

Sent email 1:18PM, it was fixed 5 minutes later.

[TeeJa]

Quote:

Originally Posted by Serra

You know the saying YMMV, well I asked for the same thing and they knocked out my mail server for 9 hours. It took 4 ticket entries, 2 calm phone calls and 1 extreemly upset call at 12:30am last night to finally get it fixed.

Needless to say, I'm not extreemly happy with support today. It took them a grand total of 10 minutes to fix the problem after I threatened to come down there and strangle them all myself.

Yes, my smtp went south when they fixed the DNS thing, could email anyone on the server, but would not go to any other IP. Fixed in 10 min.

I don't know what update Cpanel did, but it changed a few things on my server in the way it performs.
My WHM loads like a snail, I am getting more spam through the spam filter, and my SMTP setting for my PHPBB forum stopped working, like in no permissions, so I had to change back to sendmail. Read somewhere that new change to Cpanel blocks that, now have to do a work around. Still looking for more snafu's.

[Serra]

Quote:

Originally Posted by TeeJa

Yes, my smtp went south when they fixed the DNS thing, could email anyone on the server, but would not go to any other IP. Fixed in 10 min.

10 minutes... Mine should have been. I shouldn't have to call support 3 times for a 10 minute fix since I actually TOLD them what was wrong in the ticket.

[Kimbot]

Hey Serra, guess it is different in each case, different fixes, different possible problems with the fix, this and that, like you say "YMMV"

(and yeah, I had to go lookup ymmv in my acronym finder! )

[vtrain]

I'm still thinking when to ask this to support. Our server also has this issue (like I said above) and I have used this in my favor as an alternative DNS server to my ISP server.

my doubts to ask support are because of e-mail problems. I prefer to do it when I do have the time to check that everything is ok. Everytime I ask something to support they are always nice and fast answering but I have to send more then 5 messages to the same ticket until things get understood/done.

Vt.

Just send in the reports/requests to support. If you find that there's an unreasonable delay in action being performed (this is not something considered an immediate threat to need it done in the time of a reboot or major issue being dealt with would), or if you find that the Level 1 techs are not understanding your issue and it's important/vital, then please ask them to escalate it to Level 3.

[vtrain]

Quote:

Originally Posted by GatorTimGreer

Just send in the reports/requests to support. If you find that there's an unreasonable delay in action being performed (this is not something considered an immediate threat to need it done in the time of a reboot or major issue being dealt with would), or if you find that the Level 1 techs are not understanding your issue and it's important/vital, then please ask them to escalate it to Level 3.

Thanks TimGreer.

Where can I read about your different support levels?
What is the difference between lvl 2 and lvl3 and what kind of issues should be asked to escalate from lvl 1 to the aboves?

Vt
I'm not worried about this particupar issue. Like I said I have lived with it for many many months now.