  1. #1
    Just Joined!
    Join Date
    Nov 2012
    Posts
    24

    Securing DNS


    Hi,

    I need some suggestions here. How can I secure my DNS server? The DNS server is running on RHEL 5. Here is my named.conf.
    Code:
    // Global options: only the working directory and the pid file are set.
    // No allow-query, allow-recursion or allow-transfer appears at this level,
    // so the per-view and per-zone statements further down are the only access
    // restrictions visible in this file.
    options {
    	
    // Relative file names used elsewhere in the configuration resolve against
    // this directory.
    directory "/etc";
    	
    pid-file "/var/run/named/named.pid";
    	
    };
    
    
    
    // View served to the single (masked) address below. Views are tried in the
    // order they are written and a client is answered by the first view whose
    // match-clients matches it, so this view takes precedence over the later
    // ones for that address.
    view 	"slavedns" in {
        match-clients { 172.17.yyy.xxx; };
    
        // NOTE(review): the view name and the allow-transfer / also-notify
        // entries below suggest this client is the slave server. A slave only
        // needs zone transfers; confirm it really needs recursion as well.
        	recursion yes;
    
    zone "." {
            
    type hint;
            
    file "/etc/db.cache";
            };
    
    
    
    zone "example.com.my" {
            
    	type master;
            
    	file "/var/named/example.com.my.hosts";
            
    	notify yes;
            
    	// Zone transfers of this zone are limited to the listed address.
    	allow-transfer {
                    172.17.yyy.xxx;
    
                    };
            
    	// NOTIFY messages are additionally sent to the listed address.
    	also-notify {
                    172.17.yyy.xxx;
    
    			};
            
    		};
    
    
    
    
    	};
    
    
    
    
    
    // View for the listed internal networks; clients matching it get recursion.
    view "internal" in {    
        
    	// NOTE(review): 218.208.yyy.xxx is not in a private address range; since
    	// this view recurses, confirm that address is meant to have recursive
    	// service.
    	// NOTE(review): 192.168.42.0/32 matches one address only and is already
    	// inside 192.168.0.0/16 - possibly /24 was intended; either way the entry
    	// adds nothing to the match list as written.
    	match-clients { 218.208.yyy.xxx; 172.17.yyy.xxx/24; 192.168.0.0/16; 127.0.0.1;  192.168.42.0/32; };
        
    	recursion yes;
    
    zone "." {
            
    				type hint;
            
    				file "/etc/db.cache";
    			
            };
    
    
    	
    // First definition of example.com.my in this view (file pri.example.com.my.hosts).
    zone "example.com.my" {
            
    		type master;
            
    		file "/var/named/pri.example.com.my.hosts";
    	
            notify yes;
    	
            // Zone transfers of this zone are limited to the listed address.
            allow-transfer {
    
                    172.17.yyy.xxx;
                    };
            also-notify {
                    172.17.yyy.xxx;
                    };
            };
    
    	// NOTE(review): no allow-transfer here or in options. In BIND releases
    	// of this era a zone without one can presumably be transferred by any
    	// client the view matches - confirm and restrict.
    	zone "example2.com" {
    		type master;
    		file "/var/named/example2.com.internal.hosts";
    		};
    	// NOTE(review): second definition of example.com.my inside the same view,
    	// with a different file. A zone name may be defined once per view; named
    	// is expected to reject this when loading - run named-checkconf and keep
    	// only the intended definition.
    	zone "example.com.my" {
    		type master;
    		file "/var/named/example.com.my.internal.hosts";
    		};
    };
    
    // Catch-all view: "any" matches every client that was not already taken by
    // an earlier view, which includes hosts on the internet.
    view "external" in {
        // The second entry is redundant because "any" already matches it.
        match-clients { any; 172.17.yyy.xxx; };
        // Clients in this view are not given recursive service; they can still
        // query the zones defined in this view.
        recursion no;
    
    // NOTE(review): a hint zone is only used for recursion, which is disabled
    // in this view - confirm whether it is needed here.
    zone "." {
            type hint;
            file "/etc/db.cache";
            };
    
    zone "example.com.my" {
            type master;
            file "/var/named/example.com.my.hosts";
            notify yes;
            // NOTE(review): this masked address ends in "xxxx" while every other
            // occurrence ends in "xxx" - check the real value for a typo, since a
            // wrong address here blocks the intended slave.
            allow-transfer {
                    172.17.yyy.xxxx;
                    };
            also-notify {
                    172.17.yyy.xxx;
                    };
            };
    
    	// NOTE(review): none of the remaining zones in this view has an
    	// allow-transfer statement and options sets none. In BIND releases of
    	// this era a zone without one can presumably be transferred by any client
    	// the view matches, which here is anyone - confirm and restrict transfers
    	// to the slave, or disable them.
    	zone "example2.com" {
    		type master;
    		file "/var/named/example2.com.external.hosts";
    		};
    	zone "promitec.com.my" {
    		type master;
    		file "/var/named/example3.com.my.external.hosts";
    		};
    	zone "pena.com.my" {
    		type master;
    		file "/var/named/example4.com.my.external.hosts";
    		};
    	zone "itbm.com.my" {
    		type master;
    		file "/var/named/example.com.my.external.hosts";
    		};
    	zone "theriver.com.my" {
    		type master;
    		file "/var/named/example5.com.my.external.hosts";
    		};
    };
    
    // Empty per-server statement: no options are set for 8.8.8.8.
    // NOTE(review): a server block does not configure a forwarder; if forwarding
    // was intended it is not expressed anywhere in this file - confirm the intent
    // or remove the block.
    server 8.8.8.8 {
    	};
    Can anybody on the internet use my DNS server? Please advise me.

    Thanks.

  2. #2
    Linux Engineer
    Join Date
    Apr 2012
    Location
    Virginia, USA
    Posts
    899
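    In addition to whatever you have to put in your config file (I'm not sure), set up your firewall / iptables to block incoming requests on the DNS ports except from authorized networks. Keep in mind that a server which is authoritative for public zones still has to accept queries for those zones from anywhere, so the block applies to the recursive service rather than to the whole server.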
