This is an email notice to inform you that we've had abuse reports regarding your server. It appears that your server's DNS named service (BIND) is being exploited to leverage outgoing attacks on other networks. This is due to the configuration allowing a feature called "recursion" to be enabled/allowed. This is due to a setting on your server and we would like to offer to you a quick fix to resolve this issue. This fix will prevent future issues as well as resolve the current exploit.
First method: Attached is a script that you can upload to your server and run as the root user. The file is called namedfix.pl.txt. You would upload it as namedfix.pl or whatever you wish to call it. You would then either set execute permissions on the file (chmod 700 namedfix.pl) or run it with the perl command as: perl namedfix.pl. This should do everything automatically for you.
Second method: If you wish to apply this manually and not use the script attached, then you would locate your named.conf file (likely at /etc/named.conf). You should back up the file first, calling it something unique. Example: cp -a /etc/named.conf /etc/named.conf-safebackup. Then, once you have a safe copy of your current config file, you would open the /etc/named.conf file using your favorite text editor (vi, nano/pico, etc.) and within the options { } block, you would add the following two lines (ensuring they don't exist and are set to allow recursion; if they are, this needs to be disabled):
You will now need to reload the named service. This can be done via: service named reload Or service named restart for the changes to take effect. If you experience any errors/issues, please revert your last file and restart the service. Example: cp -af /etc/named.conf-safebackup /etc/named.conf Once you restart the service, review the changes, ensure you didn't make any typos/syntax errors and repeat this process. If it still fails, please ask us for assistance and provide the appropriate login credentials where relevant and we'll take a look.
Please note: If you find that you need recursion enabled, then it needs to be safely listed and specifically allowed to a certain IP, network or range, instead of to the world.
Once again, the script attached should be able to be ran on any server with BIND/named and will auto-fix this, if that makes it easier. Thank you for your attention on this matter. Please let us know if you have any questions or problems.
