{"id":3191,"date":"2013-03-28T20:26:03","date_gmt":"2013-03-29T03:26:03","guid":{"rendered":"http:\/\/blog.networkpresence.co\/?p=3191"},"modified":"2013-03-28T23:04:48","modified_gmt":"2013-03-29T06:04:48","slug":"how-to-close-open-bind-based-dns-servers","status":"publish","type":"post","link":"http:\/\/blog.networkpresence.co\/?p=3191","title":{"rendered":"How to close open BIND-based DNS servers"},"content":{"rendered":"<p>With DNS Amplifiers being used more and more in <a href=\"http:\/\/en.wikipedia.org\/wiki\/Denial-of-service_attack\">DOS type network attacks<\/a>, we&#8217;ve been in contact with customers who have &#8216;open&#8217; DNS resolvers and servers within Network Presence, but a quick and simple way to &#8220;lock down&#8221; your <a href=\"http:\/\/www.isc.org\/downloads\/current\">BIND based DNS Server<\/a> is to use something like the named.conf entries listed below, which are in the &#8216;options&#8217; named.conf section :<\/p>\n<p><code>options {<\/p>\n<p> allow-recursion {<br \/>\n                localhost;<br \/>\n                YOURIPADDRESSES;<br \/>\n }<br \/>\n allow-query-cache {<br \/>\n                localhost;<br \/>\n                YOURIPADDRESSES;<br \/>\n }<br \/>\n allow-transfer {<br \/>\n\t\tnone;<br \/>\n };<\/p>\n<p>};<\/code><\/p>\n<p>Where YOURIPADDRESS is the IP addresses on your VPS or Colo host itself. Please <a href=\"http:\/\/netpr.es\/contactus\">contact us<\/a> if you&#8217;re not sure of all your IP addresses.<\/p>\n<p>Then reload (eg: <code>service named reload<\/code> or <code>\/etc\/init.d\/named reload<\/code> commands as root in different Linux distros) or restart your named daemon to get those new settings.<\/p>\n<p>These options will still allow your DNS server to host your own domains, but it&#8217;ll stop it being available to resolve domains you don&#8217;t host, which is the nature of an &#8216;open&#8217; DNS resolver or server.<\/p>\n<p>It&#8217;s very important now that open DNS servers are closed on the modern Internet.<\/p>\n<p>FYI and regards,<br \/>\nRichard.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>With DNS Amplifiers being used more and more in DOS type network attacks, we&#8217;ve been in contact with customers who have &#8216;open&#8217; DNS resolvers and servers within Network Presence, but a quick and simple way to &#8220;lock down&#8221; your BIND &hellip; <a href=\"http:\/\/blog.networkpresence.co\/?p=3191\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,70],"tags":[240,11,241,21,78],"class_list":["post-3191","post","type-post","status-publish","format-standard","hentry","category-network-presence","category-sales","tag-bind","tag-dns","tag-named","tag-security","tag-sysadmin"],"_links":{"self":[{"href":"http:\/\/blog.networkpresence.co\/index.php?rest_route=\/wp\/v2\/posts\/3191","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/blog.networkpresence.co\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/blog.networkpresence.co\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/blog.networkpresence.co\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/blog.networkpresence.co\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3191"}],"version-history":[{"count":7,"href":"http:\/\/blog.networkpresence.co\/index.php?rest_route=\/wp\/v2\/posts\/3191\/revisions"}],"predecessor-version":[{"id":3201,"href":"http:\/\/blog.networkpresence.co\/index.php?rest_route=\/wp\/v2\/posts\/3191\/revisions\/3201"}],"wp:attachment":[{"href":"http:\/\/blog.networkpresence.co\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3191"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/blog.networkpresence.co\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3191"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/blog.networkpresence.co\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3191"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}