Hi,
DNS is very important as it keeps very important data. We can follow a few security measures that are easy to apply.
1. First of all, configure BIND not to show its version number. This will secure your DNS server from passive scanners that detect your BIND version number. You can do that by adding the following section to your named.conf:
options {
    // string returned in place of the real BIND version
    version "Not available";
};
2. Installing the bind-chroot package will help you move your DNS configuration files, as well as supporting components, to a secure area where only the root and named users can edit them. Write permission will be isolated to the named and root users.
3. You can also restrict which hosts can perform zone transfers. BIND configurations typically have no restrictions for performing a zone transfer, which can lead to providing unwanted data to potential attackers.
Add the following section to named.conf:
options {
    // only this host may request a zone transfer
    allow-transfer { 192.168.0.1; };
};
This restricts zone transfers to 192.168.0.1.
4. You should also disable recursive queries, which prevents your DNS server from being vulnerable to spoofing attacks. Add the following to the named.conf file:
options {
    // BIND 8 option; obsolete in BIND 9
    fetch-glue no;
    // do not perform recursive lookups for clients
    recursion no;
};
Thanks
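
An added example, not part of the original post: a small Python check that reads a named.conf and reports which of the options-block settings from steps 1, 3 and 4 are missing. The sample configurations, function names and finding messages are constructed for illustration; the chroot step cannot be verified from the file and is not covered.

```python
import re

# Constructed sample configurations (not from the original post).
WEAK_CONF = '''
options {
    directory "/var/named";
    # recursion no;   (commented out, so it must not count)
};
'''
HARDENED_CONF = '''
options {
    directory "/var/named";
    version "Not available";
    allow-transfer { 192.168.0.1; };
    recursion no;
};
'''

def strip_comments(text):
    """Remove /* */, // and # comments (assumes none occur inside quoted strings)."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def options_block(text):
    """Return the body of the first options { ... } block, honouring nested braces."""
    m = re.search(r'\boptions\s*\{', text)
    if not m:
        return ''
    depth = 1
    for i in range(m.end(), len(text)):
        depth += {'{': 1, '}': -1}.get(text[i], 0)
        if depth == 0:
            return text[m.end():i]
    return ''  # unbalanced braces: treat as no usable options block

def audit(conf):
    """List which settings from steps 1, 3 and 4 are missing from options {}."""
    body = options_block(strip_comments(conf))
    findings = []
    if not re.search(r'\bversion\s+("[^"]*"|none)\s*;', body):
        findings.append('version string not overridden')
    acl = re.search(r'\ballow-transfer\s*\{([^}]*)\}', body)
    if acl is None:
        findings.append('allow-transfer not set')
    elif re.search(r'\bany\b', acl.group(1)):
        findings.append('allow-transfer permits any host')
    if not re.search(r'\brecursion\s+no\s*;', body):  # form used in step 4
        findings.append('recursion not disabled')
    return findings
```

Call audit() on the text of your own named.conf; an empty list means all three settings were found in the options block.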