How to Set Recursion for Name Servers
When running your own DNS name servers, it is a good idea to allow recursion only from your own IP addresses. This can prevent DDoS attacks on the name server and improve stability. To do this, you will need to know all the IPs attached to your server, and any DNS servers which may need to run recursive queries on the DNS.

First, open your named.conf file, usually located at /etc/named.conf. You can edit the file from SSH using the nano/pico editor command.

# pico /etc/named.conf

This will open the contents of the file for editing. Now we need to add the part which will contain all the IPs which are allowed to use the DNS. Add the following after the controls block.

acl "trusted" {
    127.0.0.1;
    NServer_IP;
    NServer_IP2;
};

Now add the following to the end of the options block so it looks something like this:

options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;

    version "not currently available";
    allow-recursion { trusted; };
    allow-notify { trusted; };
    allow-transfer { trusted; };
};

Save the changes and restart named.

# /etc/init.d/named restart

And you're done! A simple piece of code to help make your VPS or dedicated server more secure and more stable.
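
To check the edit before restarting named, the following added example (not part of the original article) audits a named.conf text for the three directives set above and confirms that every ACL they reference is defined. The sample config, the 192.0.2.x documentation addresses and the function names are constructed for illustration; the parser is simplified and does not follow include files.

```python
import re

# Constructed sample mirroring the article's layout (192.0.2.x = documentation range).
SAMPLE = '''
acl "trusted" { 127.0.0.1; 192.0.2.10; 192.0.2.11; };
options {
    directory "/var/named";
    /* old setting: allow-recursion { any; }; */
    // query-source address * port 53;
    allow-recursion { trusted; };
    allow-notify { trusted; };
    allow-transfer { trusted; };
};
'''

CHECKED = ("allow-recursion", "allow-notify", "allow-transfer")
BUILTIN = {"none", "localhost", "localnets"}  # BIND built-in ACLs other than "any"

def strip_comments(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)  # /* ... */ blocks
    return re.sub(r"(//|#)[^\n]*", "", text)           # // and # to end of line

def block_body(text, header_regex):
    """Return the brace-balanced body that follows header_regex, or None."""
    m = re.search(header_regex + r"\s*\{", text)
    if m is None:
        return None
    depth, i = 1, m.end()
    while i < len(text) and depth:
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[m.end():i - 1]

def audit(conf):
    text = strip_comments(conf)
    acls = set(re.findall(r'\bacl\s+"?([\w.-]+)"?\s*\{', text))
    options = block_body(text, r"\boptions") or ""
    findings = []
    for name in CHECKED:
        body = block_body(options, r"\b" + name)
        if body is None:
            findings.append(f"{name}: not set in options")
            continue
        for elem in filter(None, (e.strip().strip('"') for e in body.split(";"))):
            if elem == "any":
                findings.append(f"{name}: open to any")
            elif re.fullmatch(r"[A-Za-z_][\w.-]*", elem) and elem not in acls | BUILTIN:
                findings.append(f"{name}: undefined acl {elem}")
    return findings
```

Calling `audit(open("/etc/named.conf").read())` returns an empty list when all three directives are present and restricted to defined ACLs.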

