How to secure DNS server

In this quick tutorial I will discuss how to secure your DNS server (Bind9). By applying the following techniques you will be able to increase your DNS server's security against recursive lookups.

  • First of all you need to know the two IP addresses of your DNS servers. To find them, open the file /etc/nameserverips, which lists the two DNS IPs.

# tail /etc/nameserverips

  • Now you need to open /etc/named.conf

# nano /etc/named.conf

  • Look for the line:

options {

  • Add the following lines above that:

acl "trusted" {
x.x.x.x;
y.y.y.y;
};

  • Where x.x.x.x and y.y.y.y are your DNS server's IPs.
  • Now look for the line:

// query-source address * port 53;

  • Below it, insert the following lines:

version "Bind";
allow-recursion { trusted; };
allow-notify { trusted; };
allow-transfer { trusted; };
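
An added example, not part of the original tutorial: a small Python check that reads the text of named.conf and reports whether the directives above are set in the options block and refer to a defined ACL. It also flags typographic quotes, which are not quote characters in named.conf and often arrive when lines are copied from a web page. The function names and the sample configuration are constructed for illustration, and the parsing is a regex heuristic, not BIND's own parser.

```python
import re

REQUIRED = ("allow-recursion", "allow-notify", "allow-transfer")
BUILTIN_ACLS = {"none", "localhost", "localnets"}  # "any" is flagged separately
# Constructed sample: the tutorial's lines pasted with typographic quotes intact.
SAMPLE = ('acl \u201ctrusted\u201d { 192.0.2.1; };\noptions {\n version \u201cBind\u201d;\n'
          ' allow-recursion { trusted; };\n allow-notify { trusted; };\n};\n')

def strip_comments(text):
    """Drop /* */, // and # comments so commented-out directives are ignored."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def options_body(text):
    """Return the text inside the braces of the options block, or None."""
    m = re.search(r"\boptions\s*\{", text)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(text) and depth:
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[m.end():i - 1]

def audit_named_conf(text):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if re.search("[\u201c\u201d\u2018\u2019]", text):
        findings.append("typographic quotes present; retype as ASCII quotes")
    text = strip_comments(text)
    acls = set(re.findall(r'\bacl\s+"?([\w.-]+)"?\s*\{', text))
    body = options_body(text)
    if body is None:
        return findings + ["no options block found"]
    for name in REQUIRED:
        m = re.search(r"\b" + name + r"\s*\{([^}]*)\}", body)
        if not m:
            findings.append(name + " is not set in options")
            continue
        for item in filter(None, (s.strip().strip('"') for s in m.group(1).split(";"))):
            if item == "any":
                findings.append(name + " is open to any")
            elif re.fullmatch(r"[A-Za-z][\w-]*", item) and item not in acls | BUILTIN_ACLS:
                findings.append(name + " references undefined acl " + item)
    if not re.search(r"\bversion\s+\S", body):
        findings.append("version is not overridden in options")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_named_conf(SAMPLE)))
```

To check a real file, pass its contents to the function, for example audit_named_conf(open("/etc/named.conf").read()), and run named-checkconf afterwards as the authoritative syntax check.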