
Author Topic: DNS securing tips  (Read 2973 times)


Leo.Prince

  • Guest
DNS securing tips
« on: November 09, 2013, 01:05:13 pm »
Hi,

DNS is very important as it keeps very important data. We can follow a few security measures that are easy to apply.

1, First of all, configure your BIND not to show its version number. This will secure your DNS server against passive scanners detecting your BIND version number. You can do that by adding the following section to your named.conf:

Code:
options {
    // Returned for version.bind queries instead of the real BIND version
    version "Not available";
};


2, Installing the bind-chroot package will help you to secure your DNS configuration files, as well as supporting components, in a secure area where only the root and named users can edit them. Write permission will be isolated to the named and root users.

3,  You can also restrict which hosts can perform zone transfers. BIND configurations typically have no restrictions for performing a zone transfer, which can lead to providing unwanted data to potential attackers.

Add the following section to named.conf

Code:
options {
    // Only this host may request zone transfers (AXFR/IXFR)
    allow-transfer { 192.168.0.1; };
};

This restricts zone transfers to 192.168.0.1.

4, You should also disable recursive queries, which prevents your DNS server from being vulnerable to spoofing attacks. Add the following to the named.conf file:

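Code:
options {
    // fetch-glue is a BIND 8 option; it is obsolete in BIND 9
    fetch-glue no;
    // Answer only for zones this server is authoritative for
    recursion no;
};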


Thanks :)