how to disable recursive queries in bind

Saturday, January 23, 2010

linux administration - tips, notes and projects

By default, bind will allow recursive queries for lookups on other domains that are not master zones on the name server.

This presents some PCI compliance issues and some informational vulnerabilities (allowing third parties to query the nameserver).

It is important to restrict who can perform DNS queries, in addition to what is allowed to be queried. If this DNS server is only meant to be recursively queried by internal users for third-party domains, then there is no reason to allow the general internet to also perform queries against it. If the server is meant only to act as a nameserver for specific domains, then recursive queries should be disabled as it is unnecessary for the server to resolve anything other than its own domains.

To disable recursive queries, add the following to the options section of named.conf:

allow-transfer {“none”;};
allow-recursion {“none”;};
recursion no;

Then restart the named service and dig at the name server to ensure the changes have taken effect.

Share on Facebook

DNS Zones and Serial Numbers 101 how to force SSL without .htaccess redirects

synergy: How to enable crypto (encryption) and generate SSL certificate

Erik

Tuesday, April 28, 2020

linux administration - tips, notes and projects

No Comment

The newer Linux versions of the popular mouse/keyboard sharing application “synergy” now has built in encryption. Here’s how to configure it: Just simply passing the –enable-crypto flag on your synergy server without having a proper SSL certificate will result in the inability to connect to clients and generate an error message similar to this in […]

Change Number Pad Delete (dot) key from a comma in Ubuntu Linux

Erik

Sunday, April 12, 2020

linux administration - tips, notes and projects

No Comment

I recently purchased a new keyboard and updated to the latest Ubuntu, I’m also an avid user of the number pad for quick input when dealing with spreadsheets or accounting. I found that my num pad’s delete key (“.”) was outputting a comma (“,”) instead. Pretty annoying? I agree, but this can be very easily […]

Jaylin Imram on Friday, February 19, 2010

Solid blog. I got a lot of great info. I’ve been watching this technology for awhile. It’s interesting how it keeps varying, yet some of the core components remain the same. Have you seen much change since Google made their latest acquisition in the arena?
reparacion ordenador valencia on Saturday, February 27, 2010

very use full information. thank you.
Tractor Freak on Thursday, March 25, 2010

Have you ever considered adding more videos to your blog posts to keep the readers more entertained? I mean I just read through the entire article of yours and it was quite good but since I’m more of a visual learner,I found that to be more helpful well let me know how it turns out. This is good…thanks for sharing
Lashawn Ciesluk on Thursday, April 1, 2010

I wanted to thank you for this great read!! I definitely enjoyed every little bit of it. I have you bookmarked your site to check out the latest stuff you post.
pharmacy technician on Saturday, April 3, 2010

Great information! I’ve been looking for something like this for a while now. Thanks!
Ford Tractor Manual on Friday, April 9, 2010

I wanted to thank you for this great read!! I definitely enjoyed every little bit of it. I have you bookmarked your site to check out the latest stuff you post.
Website Traffic Robot on Saturday, April 10, 2010

Hi, good day. Wonderful post. You have gained a new subscriber. Pleasee continue this great work and I look forward to more of your great blog posts.