Sunday, April 17, 2011

How to disable recursive DNS queries

A recursive query is one where a DNS client hands a question to a DNS server and that server takes on the job of finding the answer: it asks the root, TLD and authoritative servers in turn (those follow-up queries are iterative) and returns the final answer to the client. A server that will do this for any client on the Internet is an open resolver.
Leaving recursion enabled on a server that only needs to serve its own zones therefore lets anyone consume its CPU, memory and bandwidth, and because a small spoofed query can trigger a much larger reply, the server can be used as a reflector in DNS amplification (DoS) attacks. It also exposes the server's cache to poisoning attempts it never needed to be exposed to.

To disable recursion in BIND, follow these steps:
1) SSH into the server as root and open /etc/named.conf in an editor:
root@server[~]#vi /etc/named.conf
2) Add the line recursion no; inside the options clause. If this server also has to resolve names for your own hosts, do not turn recursion off outright; restrict it with allow-recursion to your trusted networks instead, otherwise those hosts will stop resolving. After the edit the options block will look something like this:
options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below.  Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;
    recursion no;
};
Leave the query-source line commented out: pinning the source port to 53 defeats the source-port randomization BIND relies on to make cache poisoning harder.
3) Check the file for syntax errors with named-checkconf, then reload (or restart) the named service so the change takes effect:
root@server[~]#/etc/init.d/named reload
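If the same machine must keep resolving names for internal hosts, "recursion no;" alone is the wrong tool. The fragment below is an added example, not part of the original post: it shows the two shapes side by side, an authoritative-only options block and a split configuration that keeps recursion for trusted clients only. Use one or the other, never both in one file. The acl name and the 192.0.2.0/24 network are placeholders for your own ranges.

```conf
// Shape A: authoritative-only server, refuse recursion for everyone.
options {
    directory "/var/named";
    recursion no;
};

// Shape B: the server also resolves for internal hosts. Keep recursion on,
// but only for the listed networks, and keep outsiders out of the cache too.
acl "trusted" {
    127.0.0.1;
    ::1;
    192.0.2.0/24;   // placeholder: replace with your own LAN ranges
};

options {
    directory "/var/named";
    recursion yes;
    allow-recursion { trusted; };
    allow-query-cache { trusted; };
};
```

allow-query-cache matters as well as allow-recursion: without it an outsider who cannot trigger recursion can still read whatever your internal clients have already pulled into the cache.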
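Reloading named is not the end of the job; verify from the outside that recursion is really off. The script below is an added example, not from the original post or from BIND: it hand-builds a DNS query with the RD (recursion desired) bit set, sends it over UDP and reads the reply header. A server that recurses for you sets the RA (recursion available) bit and returns an answer; BIND with "recursion no;" (or an allow-recursion ACL that excludes you) clears RA and answers REFUSED or a bare referral with no answer records. The server address is a command-line assumption, and the two sample replies at the bottom are constructed by hand so the classification logic can be exercised offline.

```python
"""Probe a DNS server to see whether it still offers recursion (added example)."""
import socket
import struct
import sys

# Header flag bits from RFC 1035 section 4.1.1
FLAG_QR = 0x8000  # message is a response
FLAG_RD = 0x0100  # recursion desired (set by the client)
FLAG_RA = 0x0080  # recursion available (set by the server)
RCODE_MASK = 0x000F
RCODE_REFUSED = 5


def encode_name(qname):
    """Encode "example.com." as a sequence of length-prefixed labels."""
    labels = [l for l in qname.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(qname, txid=0x1234, qtype=1):
    """Build a one-question DNS query (A record by default) that asks for recursion."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)  # class IN


def parse_response(packet, expected_txid):
    """Return the header fields we care about: RA bit, rcode and answer count."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch")
    if not flags & FLAG_QR:
        raise ValueError("packet is a query, not a response")
    return {"ra": bool(flags & FLAG_RA), "rcode": flags & RCODE_MASK, "answers": an}


def classify(resp):
    """Turn the parsed header into a verdict about recursion."""
    if resp["ra"] and resp["rcode"] == 0 and resp["answers"] > 0:
        return "open-recursive"      # server resolved a foreign name for us
    if not resp["ra"] or resp["rcode"] == RCODE_REFUSED:
        return "recursion-disabled"  # server will not recurse for this client
    return "inconclusive"


def probe(server, qname="example.com", port=53, timeout=3.0):
    """Query a live server (assumed reachable) for a name it is NOT authoritative for."""
    txid = 0x1234
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(qname, txid), (server, port))
        data, _ = sock.recvfrom(4096)
    return classify(parse_response(data, txid))


# Constructed sample replies (not captured from a real server) for offline use.
_QUESTION = encode_name("example.com") + struct.pack("!HH", 1, 1)

# Open resolver: QR|RD|RA, NOERROR, one A record in the answer section.
OPEN_RESOLVER_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, FLAG_QR | FLAG_RD | FLAG_RA, 1, 1, 0, 0)
    + _QUESTION
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([192, 0, 2, 10])
)

# BIND with "recursion no;": QR|RD echoed, RA clear, rcode REFUSED, no answers.
RECURSION_REFUSED_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, FLAG_QR | FLAG_RD | RCODE_REFUSED, 1, 0, 0, 0)
    + _QUESTION
)

if __name__ == "__main__":
    for label, pkt in (("open", OPEN_RESOLVER_RESPONSE), ("refused", RECURSION_REFUSED_RESPONSE)):
        print(label, "->", classify(parse_response(pkt, 0x1234)))
    if len(sys.argv) > 1:
        print(sys.argv[1], "->", probe(sys.argv[1]))
```

Run it as python3 probe.py <server-ip> from a host outside your trusted networks; the name you probe with must be one the server is not authoritative for, otherwise it will answer authoritatively regardless of the recursion setting. The same check with stock tools is dig @<server-ip> example.com A: a hardened server shows status: REFUSED (or no answer section) and no "ra" in the flags line.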
