Control Web Panel

WebPanel => DNS => Topic started by: Administrator on November 06, 2013, 09:27:44 PM

Title: securing DNS server BIND (open DNS resolver)
Post by: Administrator on November 06, 2013, 09:27:44 PM
Simple way to secure the DNS server using a one-line command.
Code:
sed -i 's/recursion yes/recursion no/g' /etc/named.conf



Bind 9.x Authoritative

For BIND 9.x authoritative servers, apply the following global options in the config file /etc/named.conf:

Code:
  options {
      recursion no;
      additional-from-cache no;
  };



Bind 9.x Caching

For BIND 9.x caching servers, additionally create access control lists and use "views" to explicitly permit a limited set of source addresses from your trusted network to issue queries to your caching server:

Code:
  # example only, replace 192.0.2.0/24 with a list of your CIDR blocks
  acl "trusted" {
      192.0.2.0/24;
  };

  options {
      recursion no;
      additional-from-cache no;
      allow-query { none; };
  };

  view "trusted" in {
      match-clients { trusted; };
      allow-query { trusted; };
      recursion yes;
      additional-from-cache yes;
  };
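
An added example, not part of the original post and not CWP or BIND code: a small Python audit that parses a named.conf and reports which scope (the global options or a view) would still answer recursive queries for any client, so the result of the one-line edit or of the view setup above can be checked. The function names, the sample config and the ACL inheritance order it applies (allow-recursion, then allow-query-cache, then allow-query, then localnets and localhost) are assumptions of this example; include files and comment markers inside quoted strings are not handled.

```python
import re
def parse(text):
    """Parse named.conf text into nested statements: [token, ..., [sub-statements]]."""
    text = re.sub(r'/\*.*?\*/', ' ', text, flags=re.S)   # /* ... */ comments
    text = re.sub(r'(#|//)[^\n]*', ' ', text)            # '#' and '//' comments
    tokens = iter(re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', text))
    def block():
        stmts, cur = [], []
        for t in tokens:
            if t == '{':
                cur.append(block())       # nested { ... } becomes a sub-list
            elif t == '}':
                break
            elif t == ';':
                stmts.append(cur)
                cur = []
            else:
                cur.append(t.strip('"'))
        return [s for s in stmts if s]    # drop empty statements (stray ';')
    return block()

ORDER = ('allow-recursion', 'allow-query-cache', 'allow-query')  # assumed inheritance order
DEFAULT = [['localnets'], ['localhost']]                         # assumed BIND default

def open_scopes(conf_text):
    """Return scopes ('options' or a view name) that would recurse for any client."""
    top = parse(conf_text)
    acls = {s[1]: s[2] for s in top if s[0] == 'acl' and len(s) > 2}
    options = next((s[-1] for s in top if s[0] == 'options'), [])
    views = [(s[1], s[-1]) for s in top if s[0] == 'view']
    def get(scope, name):                 # value from the view, else from options, else None
        for stmts in (scope, options):
            for s in stmts:
                if s[0] == name and len(s) > 1:
                    return s[1]
    def allows_any(acl):                  # expands named ACLs, looks for "any"
        items = [e[0] for e in acl if isinstance(e[0], str)]
        return any(i in ('any', '0.0.0.0/0') or (i in acls and allows_any(acls[i]))
                   for i in items)
    found = []
    for name, scope in views or [('options', options)]:
        acl = next((v for v in (get(scope, n) for n in ORDER) if v is not None), DEFAULT)
        reach = get(scope, 'match-clients') or [['any']]
        recursing = get(scope, 'recursion') not in ('no', 'false', '0')
        if recursing and allows_any(acl) and allows_any(reach):
            found.append(name)
    return found

SAMPLE = 'options {\n\trecursion\tyes;\n\tallow-query { any; };\n};\n'  # constructed; tab after "recursion"
```

Calling `open_scopes(open('/etc/named.conf').read())` should return an empty list once recursion is disabled or limited to trusted clients; the constructed `SAMPLE` is reported as open, and because it has a tab between `recursion` and `yes`, a literal `recursion yes` search would not match it.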
Title: Re: securing DNS server BIND (open DNS resolver)
Post by: manafpdd on May 18, 2014, 08:56:49 PM
Please tell me: where is the location to set the code?
Title: Re: securing DNS server BIND (open DNS resolver)
Post by: Administrator on May 18, 2014, 09:34:20 PM
The configuration file location is: /etc/named.conf
Title: Re: securing DNS server BIND (open DNS resolver)
Post by: chromebook on June 21, 2014, 03:22:53 AM
thanks so much
Title: Re: securing DNS server BIND (open DNS resolver)
Post by: Haitoh on January 11, 2016, 09:34:43 PM
First, thanks for CWP and the help.
Can you please add the steps to secure the DNS in "boring details" for the Linux newbies, poor souls? And thank you again for the wonderful work with CWP.
Title: Re: securing DNS server BIND (open DNS resolver)
Post by: Igor S. on January 12, 2016, 08:50:23 AM
Hello.

For "boring details" you can read the documentation: https://www.isc.org/wp-content/uploads/2014/01/B99ARM.pdf
Title: Re: securing DNS server BIND (open DNS resolver)
Post by: LiXuS on January 24, 2016, 07:46:26 PM
Very bushy article, Igor.
Thank you, you keep me busy with this manual.
Title: Re: securing DNS server BIND (open DNS resolver)
Post by: Igor S. on February 02, 2016, 10:34:14 AM
Any time :)
Title: Re: securing DNS server BIND (open DNS resolver)
Post by: n8v8r on February 07, 2018, 12:53:51 PM
perhaps to be added/considered
Code:
allow-recursion { localnets; };
forward first;
# placeholders: replace with the addresses of resolvers you trust
forwarders { trustedDNSResolverIP1; trustedDNSResolverIP2; };
allow-transfer {"none";};
rate-limit {
  responses-per-second 10;
};
version none;
server-id none;
hostname none;
Title: Re: securing DNS server BIND (open DNS resolver)
Post by: llIllIllIll on October 04, 2022, 10:14:18 PM
Well, I am not an expert, just trying to understand. Is there a reason why this setting is not the default?