-
Securing DNS
Hi,
I need some suggestions here. How can I secure my DNS server? The DNS server is running RHEL 5. Here is my named.conf.
Code:
// Global options: only the working directory and the PID file are set.
// No allow-query, allow-recursion or allow-transfer ACL is defined here, so
// access control comes only from the views and zones below, or from BIND's
// built-in defaults where those are silent.
options {
// NOTE(review): the working directory is /etc, while the zone files live
// under /var/named. named resolves relative paths against this directory,
// so a dedicated directory is the usual choice - confirm this is intended.
directory "/etc";
pid-file "/var/run/named/named.pid";
};
// View for the single address listed in match-clients (presumably the slave
// server, going by the view name - confirm). Views are tried in the order
// they appear and the first match wins, so this client never reaches the
// later views.
view "slavedns" in {
match-clients { 172.17.yyy.xxx; };
// Recursive resolution is enabled for the matched client.
recursion yes;
// Root hints, used for recursion.
zone "." {
type hint;
file "/etc/db.cache";
};
zone "example.com.my" {
type master;
file "/var/named/example.com.my.hosts";
notify yes;
// Zone transfers are limited to this one address.
// NOTE(review): the check is by source IP only; a TSIG key in
// allow-transfer would authenticate the slave as well.
allow-transfer {
172.17.yyy.xxx;
};
also-notify {
172.17.yyy.xxx;
};
};
};
// View for the listed internal clients; recursion is enabled for all of them.
view "internal" in {
// NOTE(review): 192.168.42.0/32 is a single address and already falls inside
// 192.168.0.0/16; a /24 was probably intended - confirm.
// 218.208.yyy.xxx has no prefix length, so it matches one host only.
// Every address listed here gets recursive service, so keep the list as
// narrow as possible.
match-clients { 218.208.yyy.xxx; 172.17.yyy.xxx/24; 192.168.0.0/16; 127.0.0.1; 192.168.42.0/32; };
recursion yes;
// Root hints, used for recursion.
zone "." {
type hint;
file "/etc/db.cache";
};
zone "example.com.my" {
type master;
file "/var/named/pri.example.com.my.hosts";
notify yes;
// Zone transfers are limited to this one address.
allow-transfer {
172.17.yyy.xxx;
};
also-notify {
172.17.yyy.xxx;
};
};
// No allow-transfer here, so the inherited default applies.
// NOTE(review): older BIND 9 releases default to allowing transfers from any
// host - verify against the installed version and set it explicitly.
zone "example2.com" {
type master;
file "/var/named/example2.com.internal.hosts";
};
// NOTE(review): "example.com.my" is already defined earlier in this view with
// a different file. A zone name can appear only once per view, so
// named-checkconf is expected to reject this - confirm which one is meant.
zone "example.com.my" {
type master;
file "/var/named/example.com.my.internal.hosts";
};
};
// Catch-all view: "any" matches every client not already taken by an earlier
// view, so the extra address after it is redundant.
view "external" in {
match-clients { any; 172.17.yyy.xxx; };
// Recursion is off, so these clients are answered only from the zones defined
// in this view; the server does not resolve other names for them.
recursion no;
// NOTE(review): with recursion off, the root hint zone is presumably not
// needed for authoritative service - confirm whether it can be dropped.
zone "." {
type hint;
file "/etc/db.cache";
};
zone "example.com.my" {
type master;
file "/var/named/example.com.my.hosts";
notify yes;
// NOTE(review): this masked address is written "xxxx", unlike the other
// entries; check that the real file holds the intended slave address.
allow-transfer {
172.17.yyy.xxxx;
};
also-notify {
172.17.yyy.xxx;
};
};
// None of the zones below sets allow-transfer, so they use the inherited
// default.
// NOTE(review): older BIND 9 releases default to allowing transfers from any
// host, and this view is internet-facing - verify, and set allow-transfer
// explicitly per zone or once in options.
zone "example2.com" {
type master;
file "/var/named/example2.com.external.hosts";
};
zone "promitec.com.my" {
type master;
file "/var/named/example3.com.my.external.hosts";
};
zone "pena.com.my" {
type master;
file "/var/named/example4.com.my.external.hosts";
};
zone "itbm.com.my" {
type master;
file "/var/named/example.com.my.external.hosts";
};
zone "theriver.com.my" {
type master;
file "/var/named/example5.com.my.external.hosts";
};
};
// Empty server statement: it sets no per-server options for 8.8.8.8.
// It does not make 8.8.8.8 a forwarder; that would need a forwarders clause
// in options or in a view.
server 8.8.8.8 {
};
Can anybody on the internet use my DNS server? Please advise me.
Thanks.
-
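In addition to whatever you have to put in your config file (I'm not sure), set up your firewall / iptables to block incoming requests on the DNS ports except from authorized networks. Keep in mind that a server hosting public zones, as the external view here does, still has to answer queries for those zones from anywhere, so the firewall cannot simply close port 53 to the internet.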