« previous next »
Pages: [1]

Author Topic: securing DNS server BIND (open DNS resolver)  (Read 52656 times)

0 Members and 1 Guest are viewing this topic.

Offline
Administrator
*
securing DNS server BIND (open DNS resolver)
« on: November 06, 2013, 09:27:44 PM »
Simple way to secure dns server using one line comand.
Code: [Select]
sed -i 's/recursion yes/recursion no/g' /etc/named.conf



Bind 9.x Authoritative

For BIND 9.x authoritative servers, apply the following global options, config file /etc/named.conf :

Code: [Select]
  options {
      recursion no;
      additional-from-cache no;
  };


Bind 9.x Caching

For BIND 9.x caching servers, additionally create access control lists and use "views" to explicitly permit a limited set of source addresses from your trusted network issue queries to your caching server:

Code: [Select]
  # example only, replace 192.0.2.0/24 a list of your CIDR blocks
  acl "trusted" {
      192.0.2.0/24;
  };

  options {
      recursion no;
      additional-from-cache no;
      allow-query { none; };
  };

  view "trusted" in {
      match-clients { trusted; };
      allow-query { trusted; };
      recursion yes;
      additional-from-cache yes;
  };
« Last Edit: June 23, 2014, 10:17:37 AM by Administrator »
Logged
AntiDDoS Protection (web + mail)
http://centos-webpanel.com/website-ddos-protection-proxy

Join our Development Team and get paid !
http://centos-webpanel.com/develope-modules-for-cwp


Services Monitoring & RBL Monitoring
http://centos-webpanel.com/services-monitor

Do you need Fast and FREE Support included for your CWP linux server?
http://centos-webpanel.com/noc-partner-list
 Installation Instructions
http://centos-webpanel.com/installation-instructions
Get Fast Support Here
http://centos-webpanel.com/support-services
Offline
manafpdd
*
Re: securing DNS server BIND (open DNS resolver)
« Reply #1 on: May 18, 2014, 08:56:49 PM »
please tell me = where is the location for set cods ?
Logged
Offline
Administrator
*
Re: securing DNS server BIND (open DNS resolver)
« Reply #2 on: May 18, 2014, 09:34:20 PM »
configure file location is: /etc/named.conf
Logged
AntiDDoS Protection (web + mail)
http://centos-webpanel.com/website-ddos-protection-proxy

Join our Development Team and get paid !
http://centos-webpanel.com/develope-modules-for-cwp


Services Monitoring & RBL Monitoring
http://centos-webpanel.com/services-monitor

Do you need Fast and FREE Support included for your CWP linux server?
http://centos-webpanel.com/noc-partner-list
 Installation Instructions
http://centos-webpanel.com/installation-instructions
Get Fast Support Here
http://centos-webpanel.com/support-services
Offline
chromebook
*
Re: securing DNS server BIND (open DNS resolver)
« Reply #3 on: June 21, 2014, 03:22:53 AM »
thanks so much
Logged
Offline
Haitoh
*
Re: securing DNS server BIND (open DNS resolver)
« Reply #4 on: January 11, 2016, 09:34:43 PM »
first thanks for cwp and the help
can you please add the steps to secure the dns in "boring details " for the linux newbies poor souls, and thank you again for the wonderful work with cwp
Logged
Offline
Igor S.
*****
Re: securing DNS server BIND (open DNS resolver)
« Reply #5 on: January 12, 2016, 08:50:23 AM »
Hello.

For "boring details" you can read the documentation: https://www.isc.org/wp-content/uploads/2014/01/B99ARM.pdf

Quote from: Haitoh on January 11, 2016, 09:34:43 PM
first thanks for cwp and the help
can you please add the steps to secure the dns in "boring details " for the linux newbies poor souls, and thank you again for the wonderful work with cwp
Logged
You can ask me to solve any problem with your server for some money in pm  ;)
Services Monitoring & RBL Monitoring
http://centos-webpanel.com/services-monitor
Join our Development Team and get paid !
http://centos-webpanel.com/develope-modules-for-cwp

 Installation Instructions
http://centos-webpanel.com/installation-instructions
Get Fast Support Here
http://centos-webpanel.com/support-services
Offline
LiXuS
*
Re: securing DNS server BIND (open DNS resolver)
« Reply #6 on: January 24, 2016, 07:46:26 PM »
Very bushy Article IGOR ,
Thank you , you keep me busy this Manual
Logged
/var/www/home.ro
Offline
Igor S.
*****
Re: securing DNS server BIND (open DNS resolver)
« Reply #7 on: February 02, 2016, 10:34:14 AM »
Quote from: LiXuS on January 24, 2016, 07:46:26 PM
Very bushy Article IGOR ,
Thank you , you keep me busy this Manual

Any time :)
Logged
You can ask me to solve any problem with your server for some money in pm  ;)
Services Monitoring & RBL Monitoring
http://centos-webpanel.com/services-monitor
Join our Development Team and get paid !
http://centos-webpanel.com/develope-modules-for-cwp

 Installation Instructions
http://centos-webpanel.com/installation-instructions
Get Fast Support Here
http://centos-webpanel.com/support-services
n8v8r
Re: securing DNS server BIND (open DNS resolver)
« Reply #8 on: February 07, 2018, 12:53:51 PM »
perhaps to be added/considered
Code: [Select]
allow-recursion { localnets; };
forward first;
forwarders { [i]trustedDNSRecolverIP1; trustedDNSRecolverIP2[/i];};
allow-transfer {"none";};
rate-limit {
  responses-per-second 10;
};
version none;
server-id none;
hostname none;
Logged
Offline
llIllIllIll
*
Re: securing DNS server BIND (open DNS resolver)
« Reply #9 on: October 04, 2022, 10:14:18 PM »
Well, i am not the expert, just trying to understand. Is there a reason why this setting is not default?
Logged
Pages: [1]
« previous next »