Jump to Content
Preventing Recursive Lookups for untrusted hosts BIND
- Mon, 13 Aug 2007 08:10:00 +0100
- Comments: 0
- Permalink
- Posted In: Linux
This tutorial explains how to close an open DNS server and obscure which version you are running.
Open /etc/named.conf
Undernieth this:
controls {
inet 127.0.0.1 allow { localhost; } keys { "rndckey"; }; };
Add the following, substituting 111.222.333.444 for your servers primary IP address (if your server listens on any other addresses add those 1 per line in the acl as per the others in the list)
If you are running a DNS cluster be sure to add the IP addresses of your other DNS server into the list as well.
111.222.333.444;
127.0.0.1;
};
Next Find the options container and change it so that it looks like this:
directory "/var/named";
version "I dont think so";
allow-recursion { trusted; };
allow-notify { trusted; };
allow-transfer { trusted; };
};
Restart named and you should have a closed DNS server, You can add as many ACL's as you like for the different options such as recursion, notify & transfer to give you a bit more control , this tutorial is intended only to get you started.
Comments
No comments have been posted for this article
Add a Comment
HTML tags allowed in comments are: strong,em,ul,ol,li, URL's are automatically converted to links so no need to use <a>.
Sub Navigation
Latest Tweets
Tag Cloud
- 865patch
- access control list
- ACL
- Android
- anti-spam
- Apache
- BandApp
- bash
- BIND
- blacklist checker
- Bug
- cpanel
- debian
- dell
- DNS
- Exim
- ext3
- file system
- Firewall
- gaming
- git
- github
- Group Policy
- Half-Life
- hosting
- iDroid
- iPhone
- ISPConfig
- Linux
- logrotate
- Mac
- MailScanner
- MPTT
- optiplex gx270
- OSS
- OSX
- pear
- pecl
- perl
- PHP
- phpize
- Plesk
- ramdisk
- RBL
- RBL checker
- recursive DNS
- SBS 2003
- Security
- ServerTokens
- spamassassin
- TAL
- tmp noexec
- Webmin
- WHM
- WHM Plugin
- Windows
- XBOX
- xbox360
- YaBB
- Zend Framework