Recently we had to assist a client with a server that needed to become PCI compliant. One of the issues reported was “DNS Zone Transfer Allowed” (CVE-1999-0532); the server was running CentOS 6 and WHM / cPanel.
Scanning vendors fail this because “unrestricted zone transfers” violate PCI DSS and are considered automatic failing conditions.
Now, there is no control for this inside WHM / cPanel, so you will need to edit the named.conf file directly.
Here is how to do it:
Add the following…
allow-transfer { "none"; };
version "";
to the options section, so that it reads…
options {
    allow-recursion { none; };
    allow-transfer { "none"; };
    version "";
};
…within the /etc/named.conf file and then restart the named service.
Should be all set – remember to test your site(s) afterward.
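One thing to check after the edit: in BIND, an allow-transfer statement inside a zone or view block takes precedence over the one in options, so a single zone can re-open transfers. The script below is an added example, not part of the original post or of cPanel or BIND; its function names and sample config are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a named.conf for zone-transfer exposure.
# Strips // and # comments only; /* ... */ comments are not parsed.
audit_named_conf() {
  awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    {
      line = $0; sub(/(\/\/|#).*/, "", line)
      # Remember the statement that the next "{" will open.
      if (line ~ /^[ \t]*(options|view|zone)([ \t{]|$)/) {
        pending = line; sub(/[ \t]*\{.*/, "", pending); pending = trim(pending)
      }
      if (line ~ /allow-transfer/) {
        ctx = (pending != "" ? pending : name[depth])
        none = (line ~ /allow-transfer[ \t]*\{[ \t]*"?none"?[ \t]*;[ \t]*\}/)
        if (ctx == "options") global = 1
        if (!none) { print "OPEN in " ctx ": " trim(line); bad++ }
      }
      # Track nesting so a setting is attributed to its enclosing block.
      for (i = 1; i <= length(line); i++) {
        c = substr(line, i, 1)
        if (c == "{") { depth++; name[depth] = (pending != "" ? pending : name[depth-1]); pending = "" }
        else if (c == "}") depth--
      }
    }
    END {
      if (!global) { print "MISSING: options has no allow-transfer"; bad++ }
      if (!bad) print "OK: transfers denied globally, no overrides"
      exit (bad ? 1 : 0)
    }' "$1"
}

# Constructed sample: hardened options, but one zone re-opens transfers.
sample_conf() {
  cat <<'EOF'
options {
    allow-recursion { none; };
    allow-transfer { "none"; };
    version "";
};
zone "example.net" {
    type master;
    file "/var/named/example.net.db";
    allow-transfer { any; };   // overrides the options block
};
EOF
}
if [ "$#" -gt 0 ]; then audit_named_conf "$1"; fi
```

Run it against /etc/named.conf; exit status 0 means transfers are denied globally and nothing overrides that. Before restarting, named-checkconf /etc/named.conf catches syntax errors, and afterwards dig AXFR yourdomain @your-nameserver (placeholders) from an outside host should report that the transfer failed.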