How To Disable DNS Recursion On Your Server
Any nameserver that answers recursive queries from anyone is normally called an open DNS server. Answering recursive queries is a big SECURITY RISK if you are running your own DNS server, and it can put a lot of load on your DNS.
Preventing DNS recursion on your server is the solution for this.
You can do this by following these steps.
1. Just check the file /etc/nameserverips; there you will find the 2 DNS IPs used by your server.
cat /etc/nameserverips
2. Open /etc/named.conf
Look for the options { line and above it add these lines:
acl "trusted" {
xxx.xx.xxx.xx;
yyy.yyy.yyy.yy;
};
where x and y are your 2 DNS IPs from step (1).
3. Look for the line
// query-source address * port 53;
and below it, insert the following lines:
version "Bind";
allow-recursion { trusted; };
allow-notify { trusted; };
allow-transfer { trusted; };
This will disable DNS recursion for everyone outside the trusted ACL (preventing your server from being an open DNS server), and it restricts zone transfers and notifications to your own DNS IPs only, not to outside queries. The version line hides the BIND version.
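As an added example, not code from the original post: a POSIX shell script that generates the acl and options lines of steps 2 and 3 from a nameserverips-style file, so the addresses are not retyped by hand. It assumes one IPv4 address per line, optionally followed by "=hostname" (which is how cPanel writes /etc/nameserverips); the sample file and its addresses are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not code from the original post. Builds the acl "trusted"
# block and the options lines from steps 2 and 3 out of a nameserverips-style
# file. Assumptions: one IPv4 address per line, optionally followed by
# "=hostname" (cPanel format); lines starting with "#" are comments.

# Print valid, unique IPv4 addresses found in the file given on stdin.
extract_ips() {
  sed -e 's/#.*//' -e 's/=.*//' -e 's/[[:space:]]//g' \
    | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' \
    | awk -F. '$1<=255 && $2<=255 && $3<=255 && $4<=255' \
    | sort -u
}

# Number of usable addresses in the file named by $1 (sanity check before
# touching named.conf: you expect the 2 IPs from step 1).
count_trusted() {
  extract_ips < "$1" | grep -c .
}

# Emit the acl "trusted" { ... }; block (step 2) for addresses read from stdin.
build_acl() {
  printf 'acl "trusted" {\n'
  while IFS= read -r ip; do
    [ -n "$ip" ] && printf '    %s;\n' "$ip"
  done
  printf '};\n'
}

# Emit the lines from step 3 that go inside the existing options { } block,
# below the commented "// query-source address * port 53;" line.
build_options_lines() {
  cat <<'EOF'
    version "Bind";
    allow-recursion { trusted; };
    allow-notify { trusted; };
    allow-transfer { trusted; };
EOF
}

# Full fragment for the file named by $1. Fails if no usable address was
# found, because an empty acl would lock out your own nameservers too.
build_fragment() {
  ips=$(extract_ips < "$1")
  if [ -z "$ips" ]; then
    echo "error: no valid IPv4 addresses found in $1" >&2
    return 1
  fi
  echo '// --- place above the options { line ---'
  printf '%s\n' "$ips" | build_acl
  echo '// --- place inside options { }, below // query-source address * port 53; ---'
  build_options_lines
}

# Constructed sample input standing in for /etc/nameserverips (documentation
# addresses, not real servers). It includes a duplicate, an out-of-range
# octet and a junk line to show what the filter drops.
SAMPLE_FILE=$(mktemp)
cat > "$SAMPLE_FILE" <<'EOF'
# constructed test data
192.0.2.1=ns1.example.com
198.51.100.2=ns2.example.com
192.0.2.1
300.1.1.1
not-an-ip
EOF

# Stand-alone run: print the fragment for the sample file.
# On a real server you would run: build_fragment /etc/nameserverips
build_fragment "$SAMPLE_FILE"
```

Paste the two parts at the positions the script labels, then run named-checkconf /etc/named.conf before restarting named. Afterwards, from a host that is not in the trusted list, dig @your.ns.ip example.com should come back with status REFUSED on a current BIND 9 instead of an answer, while queries for zones the server is authoritative for are still answered. If the same server also acts as the resolver for your own machines, add their addresses to the acl as well, otherwise they lose recursion too.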