DNS Worry

[zodiac]

I get this message when I query my name using dnsreport

ERROR: One or more of your nameservers reports that it is an open DNS server. This usually means that anyone in the world can query it for domains it is not authoritative for (it is possible that the DNS server advertises that it does recursive lookups when it does not, but that shouldn't happen). This can cause an excessive load on your DNS server. Also, it is strongly discouraged to have a DNS server be both authoritative for your domain and be recursive (even if it is not open), due to the potential for cache poisoning (with no recursion, there is no cache, and it is impossible to poison it). Also, the bad guys could use your DNS server as part of an attack, by forging their IP address. Problem record(s) are:
Server xxx.xxx.xxx.xxx reports that it will do recursive lookups.


the XXX is my IP Address, just removed it to be safe for the ticket.


Is there a way I can secure my DNS better
thank you

 

[rhenderson]

I get this message when I query my name using dnsreport

ERROR: One or more of your nameservers reports that it is an open DNS server. This usually means that anyone in the world can query it for domains it is not authoritative for (it is possible that the DNS server advertises that it does recursive lookups when it does not, but that shouldn't happen). This can cause an excessive load on your DNS server. Also, it is strongly discouraged to have a DNS server be both authoritative for your domain and be recursive (even if it is not open), due to the potential for cache poisoning (with no recursion, there is no cache, and it is impossible to poison it). Also, the bad guys could use your DNS server as part of an attack, by forging their IP address. Problem record(s) are:
Server xxx.xxx.xxx.xxx reports that it will do recursive lookups.


the XXX is my IP Address, just removed it to be safe for the ticket.


Is there a way I can secure my DNS better
thank you

I assume you got that error via dnsreport.com and there is a link there that shows you how to edit named.conf to fix it. I would put it here but I do not remember it exactly but I do remember it has something to do with recursion.

 

[hikaro]

check this link
http://www.webhostgear.com/321_print.html

 

[skyhorse]

if you do a search for "open dns" in this forum you'll find loads of threads about this...
have a quick look at Fixing open DNS servers as well, it might help...
always remember to backup your named.conf before any changes!

sky

 

[Manuel_accu]

It is related to open DNS server and that reponnds to recursive queries for anyone which may lead to DDos attack using open DNS server.

Fixing Open BIND DNS server: (source: dnsreport.com)

* Open named.conf with a text editor
* Use a line "recursion no;" in the "options" clause (or in the "view" clause)
* If you need to enable recursion for your local network, you can use a "allow-recursion { ADD_LIST_OF_YOUR_IP_RANGES_HERE; }" line in the "options" section.

If you are not sure for above step, check the below mentioned URL for easy gude:

http://forums.linuxwebadmin.info/index.php/topic,49.0.html

Thanks,