Author Topic: securing DNS server BIND (open DNS resolver)  (Read 19154 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
securing DNS server BIND (open DNS resolver)
« on: November 06, 2013, 09:27:44 PM »
Simple way to secure dns server using one line comand.
Code: [Select]
sed -i 's/recursion yes/recursion no/g' /etc/named.conf



Bind 9.x Authoritative

For BIND 9.x authoritative servers, apply the following global options, config file /etc/named.conf :

Code: [Select]
  options {
      recursion no;
      additional-from-cache no;
  };



Bind 9.x Caching

For BIND 9.x caching servers, additionally create access control lists and use "views" to explicitly permit a limited set of source addresses from your trusted network issue queries to your caching server:

Code: [Select]
  # example only, replace 192.0.2.0/24 a list of your CIDR blocks
  acl "trusted" {
      192.0.2.0/24;
  };

  options {
      recursion no;
      additional-from-cache no;
      allow-query { none; };
  };

  view "trusted" in {
      match-clients { trusted; };
      allow-query { trusted; };
      recursion yes;
      additional-from-cache yes;
  };
« Last Edit: June 23, 2014, 10:17:37 AM by Administrator »
AntiDDoS Protection (web + mail)
http://centos-webpanel.com/website-ddos-protection-proxy

Join our Development Team and get paid !
http://centos-webpanel.com/develope-modules-for-cwp


Services Monitoring & RBL Monitoring
http://centos-webpanel.com/services-monitor


Do you need Fast and FREE Support included for your CWP linux server?
http://centos-webpanel.com/noc-partner-list
Installation Instructions
http://centos-webpanel.com/installation-instructions
Get Fast Support Here
http://centos-webpanel.com/support-services

Offline
*
Re: securing DNS server BIND (open DNS resolver)
« Reply #1 on: May 18, 2014, 08:56:49 PM »
please tell me = where is the location for set cods ?

Offline
*
Re: securing DNS server BIND (open DNS resolver)
« Reply #2 on: May 18, 2014, 09:34:20 PM »
configure file location is: /etc/named.conf
AntiDDoS Protection (web + mail)
http://centos-webpanel.com/website-ddos-protection-proxy

Join our Development Team and get paid !
http://centos-webpanel.com/develope-modules-for-cwp


Services Monitoring & RBL Monitoring
http://centos-webpanel.com/services-monitor


Do you need Fast and FREE Support included for your CWP linux server?
http://centos-webpanel.com/noc-partner-list
Installation Instructions
http://centos-webpanel.com/installation-instructions
Get Fast Support Here
http://centos-webpanel.com/support-services

Offline
*
Re: securing DNS server BIND (open DNS resolver)
« Reply #3 on: June 21, 2014, 03:22:53 AM »
thanks so much

Offline
*
Re: securing DNS server BIND (open DNS resolver)
« Reply #4 on: January 11, 2016, 09:34:43 PM »
first thanks for cwp and the help
can you please add the steps to secure the dns in "boring details " for the linux newbies poor souls, and thank you again for the wonderful work with cwp

Offline
*****
Re: securing DNS server BIND (open DNS resolver)
« Reply #5 on: January 12, 2016, 08:50:23 AM »
Hello.

For "boring details" you can read the documentation: https://www.isc.org/wp-content/uploads/2014/01/B99ARM.pdf

first thanks for cwp and the help
can you please add the steps to secure the dns in "boring details " for the linux newbies poor souls, and thank you again for the wonderful work with cwp

Offline
*
Re: securing DNS server BIND (open DNS resolver)
« Reply #6 on: January 24, 2016, 07:46:26 PM »
Very bushy Article IGOR ,
Thank you , you keep me busy this Manual
/var/www/home.ro

Offline
*****
Re: securing DNS server BIND (open DNS resolver)
« Reply #7 on: February 02, 2016, 10:34:14 AM »
Very bushy Article IGOR ,
Thank you , you keep me busy this Manual

Any time :)