Page 1 of 1

Editing /etc/named.conf

Posted: Fri Nov 03, 2006 4:54 pm
by mikebr
I have a small dedicated linux server with WHM, on checking my server domain at:

http://www.dnsreport.com/

I found out that I had "Open DNS servers' and they suggested I correct this, so on asking my dedicated support if this was a problem they suggested I do the following:
Edit your /etc/named.conf file and add the following line within the options{} section:

recursion no;

Then restart the nameserver
Can anyone enlighten me as to how I might edit this file? I have accessed the server using:

ssh -l root [IP_Address]
password

from a terminal window but cannot seem to get to open the file for editing, would someone mind explain how I access this file to edit it or point me to a URL where I might find this information?

I guess I might need to use sudo or similer but do not want to try until I make sure.

Tried a google but can't seem to find out How to actually edit the file.

Thanks in advance

Posted: Fri Nov 03, 2006 5:15 pm
by nickvd
I'd be amazed if you were allowed to login as root over ssh, so I'm going to assume that you log-in as your own user account and either use sudo or su to switch to root.

Assuming the file is where they say it is, all you should need to do is:

Code: Select all

pico /etc/named.conf
If you are not root:

Code: Select all

sudo pico /etc/named.conf
...

Posted: Fri Nov 03, 2006 5:53 pm
by mikebr
I'd be amazed if you were allowed to login as root over ssh
Why do you say this, would it be a security issue if I was?

Tried both suggestions but can't seem to be able to save the edited file, I wonder if this is my lack of knowledge using terminal and pico!

Thanks for the suggestions.

Posted: Fri Nov 03, 2006 5:57 pm
by nickvd
mikebr wrote:
I'd be amazed if you were allowed to login as root over ssh
Why do you say this, would it be a security issue if I was?
All I'd have to do is brute force the password and I've just taken over your server. If root is not allowed to login via ssh, you would first have to brute force the user's password, then once you get into the system (as a user, not admin) you would have to brute force the root password.. It won't stop people from getting in, but it will definitely slow them down..

Posted: Fri Nov 03, 2006 7:37 pm
by Chris Corbyn
mikebr wrote:
I'd be amazed if you were allowed to login as root over ssh
Why do you say this, would it be a security issue if I was?
I'm not sure why he/she said "amazed" but yes, generally it's seen as a security hole for the reasons posted by ~nickd among other more obvious ones (watching the password being typed etc).
mikebr wrote:Tried both suggestions but can't seem to be able to save the edited file, I wonder if this is my lack of knowledge using terminal and pico!
CTRL+O saves the file (O = Output to file).
CTRL+X closes the file (it woukd ask you to save it too).

PS, for editting code and/or config files I'd usually do "pico -w filename" or "nano -w filename" so that the lines don't wrap when typing since it can have a damaging effect in these scenarios.

Posted: Fri Nov 03, 2006 8:05 pm
by nickvd
d11wtq wrote:
mikebr wrote:
I'd be amazed if you were allowed to login as root over ssh
Why do you say this, would it be a security issue if I was?
I'm not sure why he/she said "amazed" but yes, generally it's seen as a security hole for the reasons posted by ~nickd among other more obvious ones (watching the password being typed etc).
He :)

I'd be amazed because on every installation of sshd I've seen, PermitRootLogin was set to No by default, so the server admin would have to turn it on manually...
d11wtq wrote:PS, for editting code and/or config files I'd usually do "pico -w filename" or "nano -w filename" so that the lines don't wrap when typing since it can have a damaging effect in these scenarios.
I didn't know this... I've always been annoyed by the constant wrapping that pico "enforces" I'll have to remember that one...

Posted: Sat Nov 04, 2006 5:08 am
by timvw
nickvd wrote:
I didn't know this... I've always been annoyed by the constant wrapping that pico "enforces" I'll have to remember that one...
That's what you have alias 'pico'='/usr/bin/pico -w' for ;)

Posted: Sat Nov 04, 2006 8:38 am
by nickvd
Are you saying that's set by default?, it's not on both my linux boxen (it is now, but it wasn't ;))

Posted: Sat Nov 04, 2006 9:36 am
by mikebr
Thanks for the information everyone.