DNS Recursion Enabled – GoDaddy DNS Servers Fail PCI Compliance

In an effort to get all of my clients' websites to be PCI compliant, I have come to find out that GoDaddy DNS servers are far from PCI compliant. Check out some of the related articles that I’ve posted on PCI compliance, and also review the following failure message about having DNS Recursion Enabled. Unfortunately, the areas where the GoDaddy DNS servers fail the PCI compliance test must be updated by GoDaddy, and from what I gather, there doesn’t seem to be any urgency to resolve these issues on GoDaddy’s side. I’ve already begun migrating domain names from GoDaddy.

DNS Recursion Enabled

This DNS server has query recursion enabled, allowing it to answer requests for DNS zones outside of your authority. This configuration may allow attackers to perform a cache poisoning attack on your server, corrupting the name-to-IP translation tables, potentially enabling man-in-the-middle attacks.

CVE: CVE-1999-0024
NVD: CVE-1999-0024
Bugtraq: 136, 678
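
To confirm this finding on a name server that hosts your zones, the check below sends one query with the Recursion Desired (RD) bit set for a name outside the server's zones and reads the Recursion Available (RA) bit, response code and answer count from the reply header. It is an added example, not part of the original post or of the scanner's output; the function names, result labels and sample reply headers are constructed for illustration.

```python
import socket
import struct

QR = 0x8000  # message is a response
RD = 0x0100  # Recursion Desired (set by the client)
RA = 0x0080  # Recursion Available (set by the server)

def build_query(name, txid=0x1234, qtype=1):
    """Encode an A-record query for `name` with the RD bit set."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def classify_response(data, txid=0x1234):
    """Interpret the 12-byte header of a reply to build_query()."""
    if len(data) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & QR:
        raise ValueError("not a response to our query")
    rcode = flags & 0x000F
    if flags & RA and rcode == 0 and ancount > 0:
        return "open-recursion"        # resolved a name outside its zones
    if flags & RA:
        return "recursion-advertised"  # RA set, but this query was not answered
    return "no-recursion"              # typically REFUSED or a referral

def check_server(server, outside_name, timeout=3.0):
    """Send one RD query to `server` for a zone it is not authoritative for."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(outside_name), (server, 53))
        return classify_response(s.recv(512))

# Constructed reply headers (not captured traffic):
SAMPLE_OPEN = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)     # RA=1, NOERROR, 1 answer
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)  # RA=0, REFUSED
```

A result of `open-recursion` corresponds to the condition the failure message describes; `no-recursion` is what an authoritative-only server returns for names outside its zones.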

