- 12-05-2012 #1 Just Joined!
- Join Date
- Nov 2012
- Posts
- 24
Securing DNS
Hi,
I need a suggestion here. How do I secure my DNS server? The DNS server is using RHEL 5. Here is named.conf.
Code:
options {
    directory "/etc";
    pid-file "/var/run/named/named.pid";
};

view "slavedns" in {
    match-clients { 172.17.yyy.xxx; };
    recursion yes;
    zone "." {
        type hint;
        file "/etc/db.cache";
    };
    zone "example.com.my" {
        type master;
        file "/var/named/example.com.my.hosts";
        notify yes;
        allow-transfer { 172.17.yyy.xxx; };
        also-notify { 172.17.yyy.xxx; };
    };
};

view "internal" in {
    match-clients { 218.208.yyy.xxx; 172.17.yyy.xxx/24; 192.168.0.0/16; 127.0.0.1; 192.168.42.0/32; };
    recursion yes;
    zone "." {
        type hint;
        file "/etc/db.cache";
    };
    zone "example.com.my" {
        type master;
        file "/var/named/pri.example.com.my.hosts";
        notify yes;
        allow-transfer { 172.17.yyy.xxx; };
        also-notify { 172.17.yyy.xxx; };
    };
    zone "example2.com" {
        type master;
        file "/var/named/example2.com.internal.hosts";
    };
    zone "example.com.my" {
        type master;
        file "/var/named/example.com.my.internal.hosts";
    };
};

view "external" in {
    match-clients { any; 172.17.yyy.xxx; };
    recursion no;
    zone "." {
        type hint;
        file "/etc/db.cache";
    };
    zone "example.com.my" {
        type master;
        file "/var/named/example.com.my.hosts";
        notify yes;
        allow-transfer { 172.17.yyy.xxxx; };
        also-notify { 172.17.yyy.xxx; };
    };
    zone "example2.com" {
        type master;
        file "/var/named/example2.com.external.hosts";
    };
    zone "promitec.com.my" {
        type master;
        file "/var/named/example3.com.my.external.hosts";
    };
    zone "pena.com.my" {
        type master;
        file "/var/named/example4.com.my.external.hosts";
    };
    zone "itbm.com.my" {
        type master;
        file "/var/named/example.com.my.external.hosts";
    };
    zone "theriver.com.my" {
        type master;
        file "/var/named/example5.com.my.external.hosts";
    };
};

server 8.8.8.8 {
};

Can anybody from the internet use my DNS? Please advise me.
Thanks.
- 12-06-2012 #2 Linux Enthusiast
- Join Date
- Apr 2012
- Location
- Virginia, USA
- Posts
- 561
In addition to whatever you have to put in your config file (I'm not sure), set up your firewall / iptables to block incoming requests on DNS ports except for authorized networks.
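The question in post #1 (can anybody from the internet use this server?) can be answered from the view definitions themselves. The sketch below is an added example, not code from either poster: it models how named picks the first view whose match-clients matches a client and reports whether that view recurses. The function names are hypothetical, the addresses are constructed placeholders because the post redacts the real ones, and only literal IPs, CIDR ranges and `any` are modelled.

```python
import ipaddress
import re

# Constructed sample: the thread's three views cut down to the statements that decide
# who is served. Addresses are placeholders, since the post redacts the real ones.
SAMPLE_CONF = '''
view "slavedns" in { match-clients { 172.17.0.5; }; recursion yes;
    zone "." { type hint; file "/etc/db.cache"; }; };
view "internal" in { match-clients { 172.17.0.0/24; 192.168.0.0/16; 127.0.0.1; };
    recursion yes; zone "." { type hint; file "/etc/db.cache"; }; };
view "external" in { match-clients { any; }; recursion no;
    zone "example.com.my" { type master; file "/var/named/example.com.my.hosts"; }; };
'''

def parse_views(conf):
    """Return [(name, match_clients, recursion)] in file order."""
    views = []
    for m in re.finditer(r'view\s+"([^"]+)"[^{]*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):    # walk to the brace that closes this view
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        body = conf[m.end():i - 1]
        acl = re.search(r'match-clients\s*\{([^}]*)\}', body)
        # BIND defaults: no match-clients means any client, no recursion line means yes
        nets = [e.strip() for e in acl.group(1).split(";") if e.strip()] if acl else ["any"]
        rec = re.search(r'\brecursion\s+(yes|no)\s*;', body)
        views.append((m.group(1), nets, rec.group(1) == "yes" if rec else True))
    return views

def matches(ip, entry):
    """True if ip falls under one match-clients entry (literal IP, CIDR or 'any' only)."""
    if entry == "any":
        return True
    try:
        return ip in ipaddress.ip_network(entry, strict=False)
    except ValueError:                    # named ACLs, keys, negation: not modelled here
        return False

def view_for(client, views):
    """named serves a client from the first view whose match-clients matches it."""
    ip = ipaddress.ip_address(client)
    for name, nets, recursion in views:
        if any(matches(ip, n) for n in nets):
            return name, recursion
    return None, False

def open_resolver_views(views):
    """Views that offer recursion to 'any', i.e. to whoever can reach port 53."""
    return [name for name, nets, rec in views if rec and "any" in nets]
```

With the sample, an outside address such as 203.0.113.9 lands in the "external" view with recursion off, so it can query the hosted zones but cannot use the server as a resolver. A firewall rule of the kind suggested in post #2 that closes port 53 to everyone but authorized networks would also stop the external view from answering for those zones.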
