10 Steps to Securing your Server Published: Feb 04, 2006
  • Rating

    4/5

For those of you who check your nameservers and other DNS related issues using the popular site dnsreport you're probbaly seeing Fail Open DNS Servers. We'll show you have to fixed named to close open dns servers.

Close Open DNS Servers

For those of you who check your nameservers and other DNS related issues using the popular site dnsreport you're probbaly seeing Fail Open DNS Servers. We'll show you have to fixed named to close open dns servers.

How do I check my system?
Go to www.dnsreport.com and enter your domain name, eg webhostgear.com

You’re safe if you see:
PASS Open DNS servers

You need to follow this tutorial if you see:
FAIL Open DNS servers

Closing Open DNS Servers Tutorial

1) Login to your server and su to root.

2) Edit the /etc/named.conf file such as:# vi /etc/named.conf

Look for:

key "rndckey" {
};

After this add the following, replacing mainIP and secondaryIP with your systems nameservers.

acl "trusted" {
mainIP;secondaryIP;127.0.0.1;
};

3) After that’s done you want to add the section that says only the trusted is allowed for certain functions. Check your options area and make sure you add the following:

allow-recursion { trusted; };
allow-notify { trusted; };
allow-transfer { trusted; };

So the final result looks something like:

options {
        directory "/var/named";
        allow-recursion { trusted; };
        allow-notify { trusted; };
        allow-transfer { trusted; };
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
         // query-source address * port 53;
};

4) Save the changes and restart the named service: service named restart

5) Recheck your site at dnsreport.com, you should be good!

Cheers

Steve

  • Rating

    4/5

Related Articles

Comments (0)

No one has commented on this page yet.

Add Your Thoughts

WebHostGear.com is a hosting directory, not a web host.

Copyright © 1998-2014 WebHostGear.com