The importance of the DNS server is well known, so I won't go into why it needs securing.
Here I'll share a few basic tips to secure your DNS server.
All you need to do is add the following lines to your /etc/named.conf file.
1. First you need to know the two IPs of your DNS server. Open /etc/nameserverips; it lists the two DNS IPs.
tail /etc/nameserverips
2. Open /etc/named.conf
Look for the options { line and add these lines above it:
acl "trusted" {
xx.xx.xx.xx;
yy.yy.yy.yy;
};
where xx.xx.xx.xx and yy.yy.yy.yy are your two DNS IPs from step (1).
3. Look for the line
// query-source address * port 53;
and insert the following lines below it:
version "Bind";
allow-recursion { trusted; };
allow-notify { trusted; };
allow-transfer { trusted; };
This restricts recursion to the trusted ACL (so your server is not an open DNS resolver), and restricts zone transfers and notifications to your own DNS servers only, not to outside queries. The version line hides the real BIND version.
4. Prevent DNS spoofing
If you are running BIND 8.x or an earlier version, there is a possibility that your DNS server is left unprotected against forged IPs. To prevent this, add this one line inside your options block:
options {
use-id-pool yes;
};
Do not add this line on BIND 9, where the option is obsolete.
Once all is complete, run named-checkconf to verify the syntax, then restart the named service.
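As an added example (not part of the original post), the script below audits a named.conf text for the settings from steps 2 and 3: the version string and the three allow-* directives restricted to the trusted ACL. The sample configuration is constructed for the demonstration; on a real server you would pass the contents of /etc/named.conf.

```shell
#!/bin/sh
# Added example (not from the original post): audit a named.conf text for the
# settings from steps 2-3. Constructed sample: recursion is restricted, but
# zone transfers are still open to anyone and allow-notify is missing.
SAMPLE_CONF='options {
    directory "/var/named";
    // query-source address * port 53;
    version "Bind";
    allow-recursion { trusted; };
    allow-transfer { any; };
};'

# Print what is inside the braces of directive $1 in conf text $2, with spaces
# removed (e.g. "trusted;" or "any;"). Lines commented out with // are ignored
# because the directive must be the first token on the line.
directive_value() {
    printf '%s\n' "$2" | sed -n "s#^[[:space:]]*$1[[:space:]]*{\([^}]*\)}.*#\1#p" | tr -d ' '
}

# Audit one conf text. Prints one finding per line; returns 0 when the version
# string is set and all three allow-* directives are restricted to the trusted
# ACL, 1 otherwise. Does not check use-id-pool (BIND 8 only, step 4).
audit_named_conf() {
    conf=$1
    rc=0
    if ! printf '%s\n' "$conf" | grep -Eq '^[[:space:]]*version[[:space:]]+"'; then
        echo "missing: version string (real BIND version is exposed)"
        rc=1
    fi
    for d in allow-recursion allow-notify allow-transfer; do
        v=$(directive_value "$d" "$conf")
        case "$v" in
            'trusted;') ;;
            '') echo "missing: $d (not restricted to the trusted ACL)"; rc=1 ;;
            *) echo "open: $d { $v } allows more than the trusted ACL"; rc=1 ;;
        esac
    done
    return $rc
}

audit_named_conf "$SAMPLE_CONF" || echo "named.conf still needs work"
```

To audit the live file, replace the sample with `audit_named_conf "$(cat /etc/named.conf)"`.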
