DNS security question

Cameron Simpson cs at zip.com.au
Sun Feb 3 22:50:04 UTC 2008

On 03Feb2008 17:15, Luc MAIGNAN <luc.maignan at winxpert.com> wrote:
> I've set up a DNS server (Bind/Named of course) to resolve several web
> servers I host. How can I restrict on my DNS server queries that only apply
> to my domain names and not any? (in other words, how to disable my
> server to be an open-relay dns server?)

You need to turn off the "recursion" setting. From a DNS server I
maintain, in the "options" section at the top I have:

  allow-recursion { none; };

You can be more flexible there, for example allowing recursion for your
internal LAN clients but not the outer world.

Cameron Simpson <cs at zip.com.au> DoD#743

Patent laws: made for the benefit of little inventors, opposed by little
inventors, pushed by big corporations. Something is quite wrong.
- http://slashdot.org/~marcello_dl
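
A way to confirm the setting from the reply above took effect, as an added example that is not part of the original post: send the server a recursion-desired query for a name it does not host and inspect the reply header. The function names, the "example.com" test name and the classification labels are assumptions of this sketch; the sample replies are constructed, not captured traffic.

```python
import socket
import struct
import sys

RD, RA, QR, REFUSED = 0x0100, 0x0080, 0x8000, 5  # DNS header flag bits / rcode

def build_query(name, qid=0x1234):
    """Type A, class IN query for `name` with the recursion-desired bit set."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def classify_response(resp):
    """Judge a reply to an RD=1 query for a name the server does not host."""
    if len(resp) < 12:
        return "malformed"
    _qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if not flags & QR:
        return "malformed"            # not a response at all
    rcode = flags & 0x000F
    if rcode == REFUSED or not flags & RA:
        return "closed"               # refused, or recursion not offered to us
    if rcode == 0 and ancount > 0:
        return "open"                 # resolved an outside name for us
    return "recursion-offered"        # RA set but no answer: check by hand

def probe(server, name="example.com", timeout=3.0):
    """Send one query over UDP/53 to `server` and classify what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        try:
            resp, _ = s.recvfrom(4096)
        except socket.timeout:
            return "no-reply"
    return classify_response(resp)

def _sample(flags, ancount):
    """Constructed reply (header + echoed question), not captured traffic."""
    return struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0) + build_query("example.com")[12:]

SAMPLE_OPEN = _sample(QR | RD | RA, 1)          # NOERROR with an answer
SAMPLE_REFUSED = _sample(QR | RD | REFUSED, 0)  # rcode REFUSED
SAMPLE_NO_RA = _sample(QR | RD, 0)              # referral-style reply, RA clear

if __name__ == "__main__":
    for label, pkt in [("open", SAMPLE_OPEN), ("refused", SAMPLE_REFUSED), ("no-RA", SAMPLE_NO_RA)]:
        print(label, "->", classify_response(pkt))
    if len(sys.argv) > 1:             # e.g. python3 check.py <your server's address>
        print(sys.argv[1], "->", probe(sys.argv[1]))
```

If recursion is still allowed for internal LAN clients, run the probe from a host outside that LAN, since a query from inside is expected to come back "open".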

More information about the fedora-list mailing list