Steps to secure a BIND DNS Server

You can follow some simple steps as listed below in order to protect your server against common DNS security problems.

1. Update Bind running on your server

If you are running Bind, make sure that its uptodate. If you are on a control panel based server (say cPanel/Plesk), the softwares will get updated when you update the control panel. Otherwise you can update Bind using the following command.

yum update bind

2. Disable DNS Recursion

The next important step is to disable DNS recursion. A DNS server that supports recursive queries is more susceptible to DDoS attacks.

You need to disable recursion in the main configuration file (/etc/named.conf). Make sure to backup your config file before making any changes.

Open the file using an editor.

vi /etc/named.conf

To disable, add the following lines to the options section in configuration file.

allow-transfer {“none”;};
allow-recursion {“none”;};
recursion no;

Save the file and restart named.

3. Hide the BIND Version

Intruders often scan DNS servers to find which ones are running vulnerable BIND/Named versions. So its a good idea to hide the bind version. Just add the following line in options section of /etc/named.conf.

version "Not available";

Save it and restart named.

December 18, 2014   1642    CPanel / WHM  
Total 1 Votes:
0

Tell us how can we improve this post?

+ = Verify Human or Spambot ?


Leave a Comment