Closing Open DNS Servers
Allowing unrestricted DNS recursion is like running an open SMTP relay: anyone on the Internet can query your DNS server, and that is easily abused (for example as an amplifier for reflection attacks against third parties).
You can fix this by disabling recursive lookups for unauthorized IPs.
This article shows you step by step how to do this.
- Log in to your server as root
- Edit /etc/named.conf
- Save the file and restart named
pico /etc/named.conf
Add the following before the options {} block:
acl "trusted" {
MAIN_IP;
SECONDARY_IP;
127.0.0.1;
};
Where MAIN_IP and SECONDARY_IP are the IPs of the nameservers on that server.
Now, in the same file /etc/named.conf, add the following inside the options {} block:
allow-recursion { trusted; };
allow-notify { trusted; };
allow-transfer { trusted; };
service named restart
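As an added example (not part of the original post), the script below audits a named.conf for the settings described above: it reports whether recursion is still open and also catches the common mistake of locking down allow-recursion while the "trusted" ACL itself contains any. The three sample configs are constructed for the demo, the IPs are placeholders from the documentation range, and the script assumes standard BIND brace syntax.

```shell
#!/bin/sh
# Added example, not from the original post: audit a named.conf for open
# recursion. Assumes standard BIND brace syntax; samples below are constructed.

# Strip // and # comments, then print the first allow-recursion statement.
recursion_line() {
    sed -e 's://.*$::' -e 's:#.*$::' "$1" \
        | grep -E '^[[:space:]]*allow-recursion[[:space:]]*\{' \
        | head -n 1
}

# Prints "open" when the server would answer recursive queries for anyone:
# allow-recursion is missing (older BIND releases then default to answering
# everyone) or it lists "any". Prints "restricted" otherwise.
recursion_status() {
    line=$(recursion_line "$1")
    if [ -z "$line" ]; then
        echo open
    elif printf '%s\n' "$line" | grep -Eq '[{;[:space:]]any[[:space:];}]'; then
        echo open
    else
        echo restricted
    fi
}

# Prints "yes" if the named ACL (e.g. trusted) itself contains "any", which
# silently reopens recursion even when allow-recursion looks locked down.
acl_contains_any() {
    conf="$1"; name="$2"
    sed -e 's://.*$::' -e 's:#.*$::' "$conf" \
        | sed -n "/^[[:space:]]*acl[[:space:]]*\"\{0,1\}$name\"\{0,1\}[[:space:]]*{/,/};/p" \
        | grep -Eq '[{;[:space:]]any[[:space:];}]' && echo yes || echo no
}

WORK=$(mktemp -d)
OPEN_CONF="$WORK/named-open.conf"
CLOSED_CONF="$WORK/named-closed.conf"
MISTAKE_CONF="$WORK/named-mistake.conf"

# Constructed sample 1: the "before" state, an open resolver.
cat > "$OPEN_CONF" <<'EOF'
options {
    directory "/var/named";
    allow-recursion { any; };   // answers recursive queries for the world
};
EOF

# Constructed sample 2: the "after" state from the post, with placeholder IPs.
cat > "$CLOSED_CONF" <<'EOF'
acl "trusted" {
    192.0.2.10;      // MAIN_IP placeholder
    192.0.2.11;      // SECONDARY_IP placeholder
    127.0.0.1;
};
options {
    directory "/var/named";
    allow-recursion { trusted; };
    allow-notify { trusted; };
    allow-transfer { trusted; };
};
EOF

# Constructed sample 3: allow-recursion looks right, but the ACL matches everyone.
cat > "$MISTAKE_CONF" <<'EOF'
acl "trusted" {
    any;
};
options {
    allow-recursion { trusted; };
};
EOF

for f in "$OPEN_CONF" "$CLOSED_CONF" "$MISTAKE_CONF"; do
    echo "$(basename "$f"): recursion $(recursion_status "$f"), trusted ACL contains any: $(acl_contains_any "$f" trusted)"
done
```

Run it against your real file with recursion_status /etc/named.conf after editing; a result of "restricted" together with "no" for the ACL check is what you want to see before restarting named.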
- September 17th
Your blog has helped me a lot with all of your security tips, so I thought I would share a named secret of my own.
Inside your options {}, if you add
version "What ever you would like here";
then instead of displaying the BIND version you use, port scan applications will show your custom banner.
Keep up the good posts