Control Web Panel
WebPanel => DNS => Topic started by: Administrator on November 06, 2013, 09:27:44 PM
-
A simple way to secure the DNS server using a one-line command.
sed -i 's/recursion yes/recursion no/g' /etc/named.conf
Bind 9.x Authoritative
For BIND 9.x authoritative servers, apply the following global options, config file /etc/named.conf:
options {
    recursion no;
    additional-from-cache no;
};
Bind 9.x Caching
For BIND 9.x caching servers, additionally create access control lists and use "views" to explicitly permit a limited set of source addresses from your trusted network to issue queries to your caching server:
# example only, replace 192.0.2.0/24 with a list of your CIDR blocks
acl "trusted" {
    192.0.2.0/24;
};
options {
    recursion no;
    additional-from-cache no;
    allow-query { none; };
};
view "trusted" in {
    match-clients { trusted; };
    allow-query { trusted; };
    recursion yes;
    additional-from-cache yes;
};
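A way to check the result of the settings above, added here as an example and not part of the original post or of CWP: it reads named.conf text and reports, for the options block and each view, whether recursion is off, restricted to an ACL, or open to any client. The function names, the verdict labels and the simplified fallback order (allow-recursion, then allow-query-cache, then allow-query) are assumptions of this example.

```python
import re

TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')
ACL_CHAIN = ("allow-recursion", "allow-query-cache", "allow-query")

def parse_scopes(conf_text):
    """Collect recursion and client ACL settings per options/view block."""
    text = re.sub(r"/\*.*?\*/", "", conf_text, flags=re.S)  # /* ... */ comments
    text = re.sub(r"(//|#)[^\n]*", "", text)                # // and # comments
    scopes, stack, stmt = {}, [], []
    for tok in TOKEN.findall(text):
        if tok not in ("{", "}", ";"):
            stmt.append(tok.strip('"'))
            continue
        if tok == "{":
            stack.append(" ".join(stmt[:2]))    # e.g. "options", "view trusted"
        elif tok == "}":
            stack.pop()
        elif stmt and stack and re.match(r"(options$|view )", stack[0]):
            scope = scopes.setdefault(stack[0], {})
            if len(stack) == 1 and stmt[0] == "recursion" and len(stmt) == 2:
                scope["recursion"] = stmt[1]
            elif len(stack) == 2 and stack[1] in ACL_CHAIN:
                scope.setdefault(stack[1], []).append(" ".join(stmt))
        stmt = []
    return scopes

def audit(conf_text):
    """Return {scope: verdict}; views inherit unset values from options."""
    scopes = parse_scopes(conf_text)
    report = {}
    for name, scope in scopes.items():
        merged = {**scopes.get("options", {}), **scope}
        acl = next((merged[k] for k in ACL_CHAIN if k in merged), None)
        if merged.get("recursion", "yes") in ("no", "false", "0"):
            report[name] = "off"         # unset counts as yes, BIND's default
        elif acl is None:
            report[name] = "review"      # no explicit ACL: version defaults apply
        elif "any" in acl:
            report[name] = "open"        # any client may recurse through this server
        else:
            report[name] = "restricted"
    return report

# Constructed sample, not taken from a real server.
SAMPLE = "options {\n  # recursion no;\n  recursion yes;\n  allow-query { any; };\n};\n"
if __name__ == "__main__":
    print(audit(SAMPLE))
```

Running it against a copy of /etc/named.conf before and after the sed edit shows whether the change took effect in every block, including views that set recursion themselves.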
-
Please tell me, where is the location to set the codes?
-
The configuration file location is: /etc/named.conf
-
thanks so much
-
First, thanks for CWP and the help.
Can you please add the steps to secure the DNS in "boring details" for the Linux newbies, poor souls? And thank you again for the wonderful work with CWP.
-
Hello.
For "boring details" you can read the documentation: https://www.isc.org/wp-content/uploads/2014/01/B99ARM.pdf
-
Very bushy Article IGOR,
Thank you, you keep me busy this Manual
-
Any time :)
-
perhaps to be added/considered
allow-recursion { localnets; };
forward first;
forwarders { trustedDNSResolverIP1; trustedDNSResolverIP2; };
allow-transfer {"none";};
rate-limit {
    responses-per-second 10;
};
version none;
server-id none;
hostname none;
-
Well, I am not the expert, just trying to understand. Is there a reason why this setting is not default?