PCI compliance - Setting BIND to no recursion, cURL can't access external sites

Posted by Exit on Server Fault See other posts from Server Fault or by Exit
Published on 2012-10-17T02:52:45Z Indexed on 2012/10/17 5:08 UTC
Read the original article Hit count: 491

Filed under:

bind

|

curl

|

pci-dss

I was running a PCI scan and was following direction to change the BIND options from:

//      recursion no;
        allow-recursion { trusted;};
        allow-notify { trusted;};
        allow-transfer { trusted;};

to:

        recursion no;
        allow-recursion { none;};
        allow-notify { trusted;};
        allow-transfer { none;};

The end result was that cURL operations stopped being able to access external sites.

I realize that not everything will be 100% for PCI compliance, but can someone explain if there is a way to balance this for both PCI compliance and function?

© Server Fault or respective owner

Related posts about bind

ubuntu bind9 AppArmor read permission denied (chroot jail)

as seen on Server Fault - Search for 'Server Fault'
I am trying to run bind9 with chroot jail. I followed the steps mentioned at : http://www.howtoforge.com/debian_bind9_master_slave_system I am getting the following errors in my syslog: Jul 27 16:53:49 conf002 named[3988]: starting BIND 9.7.3 -u bind -t /var/lib/named Jul 27 16:53:49 conf002 named[3988]:… >>> More
setting up bind to work with nsupdate (SERVFAIL)

as seen on Server Fault - Search for 'Server Fault'
I'm trying to update my DNS-Server dynamically using nsupdate. Prerequisite I'm using Debian 6 on my DNS-Server and Debian 4 on my client. I created a public/private key pair using: dnssec-keygen -C -a HMAC-MD5 -b 512 -n USER sub.example.com. I then edited my named.conf.local to contain my public… >>> More
BIND DNS Master with Zerigo Slaves - BIND won't update the slave servers

as seen on Server Fault - Search for 'Server Fault'
I've tried to resolve this myself and have looked through Google and Stack but haven't found the answer I'm looking for. Currently on a VPS server I have BIND DNS installed as a MASTER DNS Server. I use Zerigo's DNS service as SLAVE servers for public use: The Master doesn't receive queries - It's… >>> More
How do I prevent directories mounted with 'bind' from appearing on 'Devices' on nautilus?

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have these lines in the fstab # binds /media/DataNtfs/Music /home/can/Music none rw,bind /media/DataNtfs/Pictures /home/can/Pictures none rw,bind /media/DataNtfs/Downloads /home/can/Downloads none rw,bind /media/DataNtfs/Documents… >>> More
C++ question: boost::bind receive other boost::bind

as seen on Stack Overflow - Search for 'Stack Overflow'
I want to make this code work properly, what should I do? giving this error on the last line. what am I doing wrong? i know boost::bind need a type but i'm not getting. help class A { public: template <class Handle> void bindA(Handle h) { h(1, 2); } }; class B { public: void… >>> More

Related posts about curl

iPhone Curl Left and Curl Right transitions

as seen on Stack Overflow - Search for 'Stack Overflow'
I am looking for a way to do a UIViewAnimationTransitionCurlUp or UIViewAnimationTransitionCurlDown transition on the iPhone but instead of top to bottom, do it from the left to right (or top/bottom in landscape mode). I've seen this asked aroud the internet a few times but none sems to get an answer… >>> More
PHP Curl and Curl

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi , I am able to send a get request using PHP Curl . But the same thing when i try from command line in Linux (/usr/bin/curl ) I am unable to do so. Please find below my PHP curl that is working $url = "http://172.20.22.26"; $headers = array("Host: 172.20.22.26", "User-Agent:… >>> More
php, curl , php curl , multipart/form-data , upload picture redirect

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm trying to upload some pictures using php cURL on a classified ad website .I think that I set all the parameters properly but I see that there is a kind of redirect after I post the picture . The issue is that the url where I'm getting redirected gives 404 error instead to return the html that… >>> More
Allow Incoming Responses from Curl On Ubuntu 11.10 - Curl

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I'm trying to get a Curl Response from an outside server, however I noticed I cant neither PING the server in question nor connect to it. I tried disabling the iptables firewall but I had no success. My server is running behind a Cisco Linksys WRTN310N Router with the DD-wrt firmware Installed. In… >>> More
cURL works but PHP cURL fails to internet [migrated]

as seen on Pro Webmasters - Search for 'Pro Webmasters'
Trying to diagnose an issue using PHP to cURL to an Internet location on a RedHat Linux server. cURL is installed and working, and: <?php var_dump(curl_version()); ?> shows all the correct information in the output. The issue is I can use PHP to cURL to localhost on the box itself, but… >>> More