How to restrict zone transfers for PCI compliance in WHM – CVE-1999-0532

Recently we had to assist a client with a server that needed to become PCI compliant. One of the findings was "DNS Zone Transfer Allowed" (CVE-1999-0532); the server was running CentOS 6 and WHM / cPanel.

Scanning vendors fail this because “unrestricted zone transfers” violate PCI DSS and are considered automatic failing conditions.

There is no control for this inside WHM / cPanel, so you will need to edit the named.conf file directly.

Here is how to do it:

Adding the following…

allow-transfer { "none"; };
version "";

to the following section…

options {
    allow-recursion { none; };
    allow-transfer { "none"; };
    version "";
};

…within the /etc/named.conf file and then restart the named service.

Should be all set – remember to test your site(s) afterward.
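A zone- or view-level allow-transfer statement overrides the one in the options block, so it is worth checking that nothing further down named.conf sets its own. The Python sketch below is an added example, not part of the original post: it lists every allow-transfer statement by scope. The sample config and the function names `find_allow_transfer` and `audit` are constructed for illustration, and the comment stripping assumes no `//` or `#` inside quoted strings.

```python
import re

# Constructed sample in the shape of a cPanel named.conf (not from the page).
SAMPLE = '''
options {
    allow-transfer { "none"; };
    version "";
};
view "external" {
    // allow-transfer { any; };   (commented out, must be ignored)
    zone "example.com" { type master; file "/var/named/example.com.db";
        allow-transfer { 192.0.2.53; }; };
};
'''

def find_allow_transfer(conf):
    """Return [(scope, acl)] for every allow-transfer statement in conf."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)  # /* ... */ comments
    conf = re.sub(r"(//|#)[^\n]*", "", conf)           # // and # comments
    it = iter(re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', conf))
    scope, stmt, found = [], [], []
    for tok in it:
        if tok == "{" and stmt[:1] == ["allow-transfer"]:
            acl, depth = [], 1
            for t in it:                   # consume up to the matching }
                depth += (t == "{") - (t == "}")
                if depth == 0:
                    break
                if t not in ("{", "}", ";"):
                    acl.append(t.strip('"').lower())
            found.append((list(scope), acl))
        elif tok == "{":
            scope.append(" ".join(stmt))   # e.g. zone "example.com"
        elif tok == "}":
            scope = scope[:-1]
        elif tok != ";":
            stmt.append(tok)
            continue
        stmt = []
    return found

def audit(conf):
    """Return (options_is_none, [(scope, acl)] set below the options block)."""
    hits = find_allow_transfer(conf)
    options_none = any(s == ["options"] and a == ["none"] for s, a in hits)
    overrides = [(" > ".join(s), a) for s, a in hits if s != ["options"]]
    return options_none, overrides

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Any scope returned in the second list has its own transfer ACL and should be reviewed against the secondaries that actually need the zone.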
