Author Topic: securing DNS server BIND (open DNS resolver)  (Read 52733 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
securing DNS server BIND (open DNS resolver)
« on: November 06, 2013, 09:27:44 PM »
Simple way to secure dns server using one line comand.
Code: [Select]
sed -i 's/recursion yes/recursion no/g' /etc/named.conf



Bind 9.x Authoritative

For BIND 9.x authoritative servers, apply the following global options, config file /etc/named.conf :

Code: [Select]
  options {
      recursion no;
      additional-from-cache no;
  };



Bind 9.x Caching

For BIND 9.x caching servers, additionally create access control lists and use "views" to explicitly permit a limited set of source addresses from your trusted network issue queries to your caching server:

Code: [Select]
  # example only, replace 192.0.2.0/24 a list of your CIDR blocks
  acl "trusted" {
      192.0.2.0/24;
  };

  options {
      recursion no;
      additional-from-cache no;
      allow-query { none; };
  };

  view "trusted" in {
      match-clients { trusted; };
      allow-query { trusted; };
      recursion yes;
      additional-from-cache yes;
  };
« Last Edit: June 23, 2014, 10:17:37 AM by Administrator »
AntiDDoS Protection (web + mail)
http://centos-webpanel.com/website-ddos-protection-proxy

Join our Development Team and get paid !
http://centos-webpanel.com/develope-modules-for-cwp


Services Monitoring & RBL Monitoring
http://centos-webpanel.com/services-monitor


Do you need Fast and FREE Support included for your CWP linux server?
http://centos-webpanel.com/noc-partner-list
Installation Instructions
http://centos-webpanel.com/installation-instructions
Get Fast Support Here
http://centos-webpanel.com/support-services

Offline
*
Re: securing DNS server BIND (open DNS resolver)
« Reply #1 on: May 18, 2014, 08:56:49 PM »
please tell me = where is the location for set cods ?

Offline
*
Re: securing DNS server BIND (open DNS resolver)
« Reply #2 on: May 18, 2014, 09:34:20 PM »
configure file location is: /etc/named.conf
AntiDDoS Protection (web + mail)
http://centos-webpanel.com/website-ddos-protection-proxy

Join our Development Team and get paid !
http://centos-webpanel.com/develope-modules-for-cwp


Services Monitoring & RBL Monitoring
http://centos-webpanel.com/services-monitor


Do you need Fast and FREE Support included for your CWP linux server?
http://centos-webpanel.com/noc-partner-list
Installation Instructions
http://centos-webpanel.com/installation-instructions
Get Fast Support Here
http://centos-webpanel.com/support-services

Offline
*
Re: securing DNS server BIND (open DNS resolver)
« Reply #3 on: June 21, 2014, 03:22:53 AM »
thanks so much

Offline
*
Re: securing DNS server BIND (open DNS resolver)
« Reply #4 on: January 11, 2016, 09:34:43 PM »
first thanks for cwp and the help
can you please add the steps to secure the dns in "boring details " for the linux newbies poor souls, and thank you again for the wonderful work with cwp

Offline
*****
Re: securing DNS server BIND (open DNS resolver)
« Reply #5 on: January 12, 2016, 08:50:23 AM »
Hello.

For "boring details" you can read the documentation: https://www.isc.org/wp-content/uploads/2014/01/B99ARM.pdf

first thanks for cwp and the help
can you please add the steps to secure the dns in "boring details " for the linux newbies poor souls, and thank you again for the wonderful work with cwp
You can ask me to solve any problem with your server for some money in pm  ;)
Services Monitoring & RBL Monitoring
http://centos-webpanel.com/services-monitor
Join our Development Team and get paid !
http://centos-webpanel.com/develope-modules-for-cwp

Installation Instructions
http://centos-webpanel.com/installation-instructions
Get Fast Support Here
http://centos-webpanel.com/support-services

Offline
*
Re: securing DNS server BIND (open DNS resolver)
« Reply #6 on: January 24, 2016, 07:46:26 PM »
Very bushy Article IGOR ,
Thank you , you keep me busy this Manual
/var/www/home.ro

Offline
*****
Re: securing DNS server BIND (open DNS resolver)
« Reply #7 on: February 02, 2016, 10:34:14 AM »
Very bushy Article IGOR ,
Thank you , you keep me busy this Manual

Any time :)
You can ask me to solve any problem with your server for some money in pm  ;)
Services Monitoring & RBL Monitoring
http://centos-webpanel.com/services-monitor
Join our Development Team and get paid !
http://centos-webpanel.com/develope-modules-for-cwp

Installation Instructions
http://centos-webpanel.com/installation-instructions
Get Fast Support Here
http://centos-webpanel.com/support-services

Re: securing DNS server BIND (open DNS resolver)
« Reply #8 on: February 07, 2018, 12:53:51 PM »
perhaps to be added/considered
Code: [Select]
allow-recursion { localnets; };
forward first;
forwarders { [i]trustedDNSRecolverIP1; trustedDNSRecolverIP2[/i];};
allow-transfer {"none";};
rate-limit {
  responses-per-second 10;
};
version none;
server-id none;
hostname none;

Offline
*
Re: securing DNS server BIND (open DNS resolver)
« Reply #9 on: October 04, 2022, 10:14:18 PM »
Well, i am not the expert, just trying to understand. Is there a reason why this setting is not default?