How to secure a DNS server

In this quick tutorial I will explain how to secure your DNS server (BIND9). By applying the following settings you restrict recursive lookups, zone transfers and NOTIFY messages to your own name servers, so that outside clients cannot use your server as an open resolver or pull copies of your zones.

  • First of all you need to know the two IP addresses of your DNS servers. On a cPanel server they are listed in the file /etc/nameserverips:

# tail /etc/nameserverips

  • Now open /etc/named.conf:

# nano /etc/named.conf

  • Look for the line:

options {

  • Add the following lines above it:

acl "trusted" {
x.x.x.x;
y.y.y.y;
};

  • Here x.x.x.x and y.y.y.y are your DNS servers' IPs (the addresses from /etc/nameserverips). Use plain double quotes around the ACL name; curly "smart" quotes are a syntax error in named.conf.
  • Now look for the line (it sits inside the options { } block):

// query-source address * port 53;

  • Below it, insert the following lines:

version "Bind";
allow-recursion { trusted; };
allow-notify { trusted; };
allow-transfer { trusted; };

  • These lines restrict recursion, zone transfers (AXFR/IXFR) and NOTIFY messages to the addresses in the trusted ACL. Any other client that asks your server to resolve a name it is not authoritative for is answered with REFUSED, and zone transfer requests from other addresses fail; the server still answers authoritative queries for its own zones from anyone, which is exactly what a public name server should do. The version "Bind" line replaces the real version string that BIND would otherwise reveal to version.bind queries. If your own hosts need to use this server as a resolver, add their addresses or networks to the trusted ACL rather than reopening recursion to everyone.
  • Save the file, check it for syntax errors with named-checkconf, and restart BIND:
# service named restart
  • You are done! You can check and confirm your settings from the following web sites:
    • www.pnigability.com
    • www.dnstools.com
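The whole procedure above, scripted, as an added example that is not part of the original post: a helper that builds the trusted ACL from /etc/nameserverips (assumed here to hold one IP=hostname pair per line, as cPanel writes it), a check that named.conf carries all three restrictions, and a live check with dig(1) that a server refuses recursion and zone transfers when asked from a host that is outside the trusted ACL. The probe name example.net and the server and zone names in the usage line are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes cPanel's /etc/nameserverips
# format ("IP=hostname" per line) and that dig(1) is installed for the live check.

# Print a BIND "trusted" ACL containing every address in the nameserver IP list.
make_trusted_acl() {
    printf 'acl "trusted" {\n'
    # keep the leading address of each line; comments and blank lines are dropped
    sed -n 's/^\([0-9.][0-9.]*\).*/\1/p' "$1" |
    while read -r ip; do
        printf '    %s;\n' "$ip"
    done
    printf '};\n'
}

# Succeed only if named.conf restricts all three operations to { trusted; }.
named_conf_restricted() {
    for directive in allow-recursion allow-transfer allow-notify; do
        grep -Eq "^[[:space:]]*$directive[[:space:]]*[{][[:space:]]*trusted;[[:space:]]*[}];" "$1" || {
            echo "missing or unrestricted: $directive" >&2
            return 1
        }
    done
    return 0
}

# Extract the RCODE (NOERROR, REFUSED, ...) from saved dig output.
dig_status() {
    sed -n 's/.*status: \([[:upper:]]*\),.*/\1/p' "$1"
}

# Succeed if the "ra" (recursion available) flag is set in saved dig output.
dig_ra_set() {
    grep -Eq '^;; flags:[^;]* ra( |;)' "$1"
}

# Query a server from outside the trusted ACL. A recursive lookup of a name it
# is not authoritative for must come back REFUSED with no "ra" flag, and an
# AXFR of the zone must return no records. Returns non-zero on any failure.
verify_live() {
    server="$1"; zone="$2"; rc=0
    out=$(mktemp)
    dig "@$server" +recurse +noall +comments example.net A > "$out"
    if dig_ra_set "$out" || [ "$(dig_status "$out")" != "REFUSED" ]; then
        echo "FAIL: $server still answers recursive queries"; rc=1
    else
        echo "ok: recursion refused"
    fi
    # record lines do not start with ';'; a refused transfer prints only comments
    if dig "@$server" "$zone" AXFR +noall +answer | grep -q '^[^;]'; then
        echo "FAIL: $server allows zone transfer of $zone"; rc=1
    else
        echo "ok: zone transfer refused"
    fi
    rm -f "$out"
    return $rc
}

# Usage (the last form must be run from a host that is not in the trusted ACL):
#   sh harden_bind.sh acl /etc/nameserverips      > prints the ACL block to paste
#   sh harden_bind.sh check /etc/named.conf       > verifies the three directives
#   sh harden_bind.sh verify ns1.example.com example.com
case "$1" in
    acl)    make_trusted_acl "${2:-/etc/nameserverips}" ;;
    check)  named_conf_restricted "${2:-/etc/named.conf}" && echo "named.conf: ok" ;;
    verify) verify_live "$2" "$3" ;;
esac
```

The live check deliberately asks for a name the server is not authoritative for: with allow-recursion restricted, BIND answers such queries from untrusted clients with REFUSED, whereas an authoritative query for your own zone would succeed from anywhere, so it says nothing about recursion.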
Feedback is welcome 🙂
