Closing an open DNS server. Add the following to your named.conf file, replacing mainIP and secondaryIP with the addresses of your system's nameservers.
acl "trusted" {
    mainIP; secondaryIP; 127.0.0.1;
};
Example:
acl "trusted" {
    mainIP; secondaryIP; firstserverip; secondserverip; 127.0.0.1;
};
Only the addresses in the trusted ACL are then allowed to use recursion, send NOTIFY messages, and request zone transfers:
allow-recursion { trusted; };
allow-notify { trusted; };
allow-transfer { trusted; };
Example:
include "/etc/rndc.key";
controls {
inet 127.0.0.1 allow { localhost; } keys { "rndckey"; };
};
acl "trusted" {
    ip1; ip2; ip3; ip4; ip5; 127.0.0.1;
};
//
// named.conf for Red Hat caching-nameserver
//
options {
    directory "/var/named";
    // each element of an address match list must end with ';'
    allow-recursion { trusted; };
    allow-notify { trusted; };
    allow-transfer { trusted; };
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;
};