Named recursive DNS and DDoS prevention

by rajesh 2012-04-02 17:53:47

Leaving recursion open in named (so that the server resolves arbitrary names for any client on the Internet) exposes it to DDoS abuse: attackers can flood it with recursive queries to exhaust its resources, and an open resolver can also be used as a reflector/amplifier, sending large responses to a spoofed victim address.

One way to prevent this is to disable recursion entirely (if the server is authoritative-only), or to allow recursion only from specified IPs or networks by defining an ACL and referencing it in the options block:

acl "trusted" {
    127.0.0.1;    # the server itself
    localhost;    # built-in ACL: all addresses of this host
    localnets;    # built-in ACL: networks directly attached to this host
};

options {
    directory "/etc";
    pid-file "/var/run/named/named.pid";
    allow-transfer { trusted; };     # zone transfers only from trusted clients
    allow-recursion { trusted; };    # recursive lookups only from trusted clients
    # allow-query-cache defaults to the allow-recursion ACL when unset (BIND 9.4+),
    # so untrusted clients cannot read cached answers either.
    # Alternative for an authoritative-only server: switch recursion off completely.
    #recursion no;
    # Equivalent without the named ACL:
    #allow-recursion { localnets; 127.0.0.1; };
};
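To confirm the ACL actually takes effect, the following Python script (added here as an example; it is not from the original post) sends a single query with the RD bit set to a DNS server and reports whether the server recursed for the client (an open resolver), answered REFUSED (what BIND returns to clients outside allow-recursion), or replied without the RA bit (the referral older BIND versions send). It uses only the standard library. The target address, port and query name are assumptions to be replaced; run it from a host outside the trusted ACL, and query a name the server is not authoritative for, otherwise an authoritative answer would be mistaken for recursion.

```python
"""Open-resolver check: does this DNS server recurse for us?

Added example (not from the original post). Sends one query with the RD
(recursion desired) bit set to a DNS server and inspects the reply header.
A server restricted with allow-recursion answers REFUSED (modern BIND) or
replies without the RA bit set; an open resolver returns RA=1 with answers.
Standard library only. Run it from a host that is NOT in the trusted ACL.
"""
import random
import socket
import struct
import sys

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED"}


def build_query(qname, qtype=1, txid=None):
    """Return a raw DNS query packet for qname (QTYPE A by default), RD=1."""
    if txid is None:
        txid = random.randint(0, 0xFFFF)
    flags = 0x0100  # QR=0 (query), OPCODE=0, RD=1: ask the server to recurse
    header = struct.pack(">HHHHHH", txid, flags, 1, 0, 0, 0)  # QDCOUNT=1
    labels = qname.rstrip(".").split(".")
    question = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels)
    question += b"\x00" + struct.pack(">HH", qtype, 1)  # root label, QCLASS=IN
    return header + question


def parse_response(packet, expected_txid=None):
    """Decode the 12-byte DNS header of a reply into the fields we care about."""
    if len(packet) < 12:
        raise ValueError("short DNS packet")
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack(">HHHHHH", packet[:12])
    if expected_txid is not None and txid != expected_txid:
        raise ValueError("transaction id mismatch (stray or spoofed reply)")
    return {
        "txid": txid,
        "qr": bool(flags & 0x8000),     # 1 = this is a response
        "rd": bool(flags & 0x0100),     # echoed recursion-desired bit
        "ra": bool(flags & 0x0080),     # recursion available to this client
        "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
        "answers": ancount,
    }


def classify(resp):
    """Turn a parsed header into a verdict for the querying client."""
    if resp["rcode"] == "REFUSED":
        return "refused"       # allow-recursion (and allow-query-cache) denied us
    if resp["ra"] and resp["rcode"] == "NOERROR" and resp["answers"] > 0:
        return "open"          # the server recursed on our behalf
    return "restricted"        # e.g. RA=0 referral from an older BIND


def check_resolver(server, qname="example.com", port=53, timeout=3.0):
    """Send one recursive query to server:port and return (header, verdict)."""
    txid = random.randint(0, 0xFFFF)
    query = build_query(qname, txid=txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, port))
        data, _peer = s.recvfrom(4096)
    resp = parse_response(data, expected_txid=txid)
    return resp, classify(resp)


if __name__ == "__main__":
    # Assumed usage: python3 open_resolver_check.py <server-ip> [name]
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    name = sys.argv[2] if len(sys.argv) > 2 else "example.com"
    hdr, verdict = check_resolver(target, name)
    print(f"{target}: rcode={hdr['rcode']} ra={hdr['ra']} "
          f"answers={hdr['answers']} -> {verdict}")
```

Running it from an address inside the "trusted" ACL should print "open"; from anywhere else the expected result with the configuration above is "refused". The transaction-id check matters when testing over the Internet, since a reply with a mismatched id is either stale or spoofed and must not be taken as the server's verdict.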
