vandal
Verified User
There is a new check at dnsstuff.com which checks for open DNS.
I tested mine as such:
http://www.dnsreport.com/tools/dnsreport.ch?domain=thinkwebmedia.com
If you failed on the open DNS, here is how you can secure this:
Code:
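nano -w /etc/named.conf

// Hosts allowed to recurse through, notify and transfer zones from this server
acl "trusted" {
    11.22.33.44;
    44.33.22.11;
    66.55.44.33;
    127.0.0.1;
};

options {
    directory "/var/named";
    // Text returned for version queries instead of the real named version
    version "not currently available";
    // Only the "trusted" ACL may use recursion, send notifies or pull zone transfers
    allow-recursion { trusted; };
    allow-notify { trusted; };
    allow-transfer { trusted; };
};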
Add all your DNS servers in your cluster, including your own, to the IP list under the trusted ACL, then add the extra information to the "options" section.
Also, there is a "version" declaration there where you can hide your version of named.
Restart named and you are good to go.
Good luck all!