Named recursive DNS and DDoS prevention
by rajesh 2012-04-02 17:53:47
Allowing recursive DNS in named can be abused for DDoS attacks on the server.
One way to prevent this is to disable recursion, or to allow recursion only from specified IPs:
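acl "trusted" {
    127.0.0.1;
    localhost;    # built-in ACL: all addresses of this server
    localnets;    # built-in ACL: networks this server is directly attached to
};
options {
    directory "/etc";
    pid-file "/var/run/named/named.pid";
    allow-transfer { trusted; };     # zone transfers only to trusted hosts
    allow-recursion { trusted; };    # recursive queries only from trusted hosts
    # Alternatives: turn recursion off entirely, or list the allowed sources inline
    #recursion no;
    #allow-recursion { localnets; 127.0.0.1; };
};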
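To confirm the restriction took effect, query your own server from an address outside the "trusted" ACL and inspect the reply header. The following is an added example, not part of the original post: the function names, the `example.com` query name and the sample reply bytes are constructed for illustration, and it classifies a reply by its RCODE and RA (recursion available) bit.

```python
import socket
import struct

QR, RD, RA, REFUSED = 0x8000, 0x0100, 0x0080, 5  # header flag bits and RCODE 5 (RFC 1035)

def build_query(name, qid=0x1234):
    """DNS A/IN query with the RD (recursion desired) bit set."""
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return struct.pack("!6H", qid, RD, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

def classify_response(packet, qid=0x1234):
    """Return 'open', 'refused' or 'closed' from the reply header alone."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", packet[:12])
    if rid != qid or not flags & QR:
        raise ValueError("not a reply to our query")
    rcode = flags & 0x000F
    if rcode == REFUSED:
        return "refused"   # recursion denied for this client
    if flags & RA and rcode == 0 and ancount > 0:
        return "open"      # server recursed and returned an answer
    return "closed"        # e.g. referral or RA clear: nothing was resolved for us

def probe(server, name, timeout=3.0):
    """Send the query over UDP/53 to a server you operate and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return classify_response(s.recvfrom(4096)[0])

def make_reply(query, flags, answers=b"", ancount=0):
    """Constructed sample reply: reuses the query's ID and question section."""
    qid = struct.unpack("!H", query[:2])[0]
    return struct.pack("!6H", qid, flags, 1, ancount, 0, 0) + query[12:] + answers

QUERY = build_query("example.com")
# Constructed answer record: name pointer, type A, class IN, TTL 60, 192.0.2.1
ANSWER = b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
SAMPLE_REFUSED = make_reply(QUERY, QR | RD | REFUSED)
SAMPLE_OPEN = make_reply(QUERY, QR | RD | RA, ANSWER, 1)

if __name__ == "__main__":
    print(classify_response(SAMPLE_REFUSED), classify_response(SAMPLE_OPEN))
```

For a name the server is not authoritative for, `probe()` run from an untrusted address should return "refused" or "closed"; "open" means the `allow-recursion` restriction is not being applied to that client.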