Sabrin
asked on
Open DNS servers
hello,
when I go to this URL to see the reports of my name servers
http://dnsreport.com/tools/dnsreport.ch?domain=mydomain.com
I see the information bellow but I dont know how to fix it!
its running on centos v4.4
ERROR: One or more of your nameservers reports that it is an open DNS server. This usually means that anyone in the world can query it for domains it is not authoritative for (it is possible that the DNS server advertises that it does recursive lookups when it does not, but that shouldn't happen). This can cause an excessive load on your DNS server. Also, it is strongly discouraged to have a DNS server be both authoritative for your domain and be recursive (even if it is not open), due to the potential for cache poisoning (with no recursion, there is no cache, and it is impossible to poison it). Also, the bad guys could use your DNS server as part of an attack, by forging their IP address. Problem record(s) are:
Server 1.2.3.4 reports that it will do recursive lookups. [test] See this page for info on closing open DNS servers.
when I go to this URL to see the reports of my name servers
http://dnsreport.com/tools/dnsreport.ch?domain=mydomain.com
I see the information bellow but I dont know how to fix it!
its running on centos v4.4
ERROR: One or more of your nameservers reports that it is an open DNS server. This usually means that anyone in the world can query it for domains it is not authoritative for (it is possible that the DNS server advertises that it does recursive lookups when it does not, but that shouldn't happen). This can cause an excessive load on your DNS server. Also, it is strongly discouraged to have a DNS server be both authoritative for your domain and be recursive (even if it is not open), due to the potential for cache poisoning (with no recursion, there is no cache, and it is impossible to poison it). Also, the bad guys could use your DNS server as part of an attack, by forging their IP address. Problem record(s) are:
Server 1.2.3.4 reports that it will do recursive lookups. [test] See this page for info on closing open DNS servers.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
i got it!
restart named
ASKER
include "/etc/bind/bind.conf.wp";
/**
* Options statement is now managed by WP and can be found in
* /etc/bind/options.conf.wp
*/
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
acl "trusted" {
myip1;myip2;127.0.0.1;
};
options {
directory "/var/named";
allow-recursion { trusted; };
allow-notify { trusted; };
allow-transfer { trusted; };
dump-file "/var/named/data/cache_dum
statistics-file "/var/named/data/named_sta
};