Monday, June 9, 2014

Limiting recursive lookups in Bind

Limiting recursive lookups in Bind is a good idea for several reasons:
  1. Why give free DNS service to the entire internet?
  2. An open resolver can be a source of denial-of-service flood attacks.
  3. Unrestricted recursion increases traffic, which may increase costs.
  4. It also increases CPU usage.
In /etc/bind/named.conf.options:
 acl "trusted" {
     111.222.333.444/55;    # placeholder: replace with your own network in CIDR form
     127.0.0.1;
     localhost;
     localnets;
 };


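options {
        directory "/var/cache/bind";

        auth-nxdomain no;    # conform to RFC1035
        additional-from-auth no;
        additional-from-cache no;
        allow-query { any; };              # anyone may query zones this server is authoritative for
        allow-recursion { trusted; };      # only clients in the "trusted" ACL may recurse
        allow-query-cache { trusted; };    # only clients in the "trusted" ACL may read cached answers

};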
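
One way to confirm the restriction from a host outside the "trusted" ACL, as an added example that is not part of the original post: send a query with the recursion-desired bit set and read the RA flag and response code from the reply header. The function names, the `example.com` query name and the two sample responses are assumptions constructed for illustration.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234):
    """Build an A/IN query for `name` with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    parts = name.strip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(resp):
    """Return (verdict, rcode_name, ra) from the header of a raw DNS response."""
    if len(resp) < 12:
        raise ValueError("short DNS message")
    flags = struct.unpack("!H", resp[2:4])[0]
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    ra = bool(flags & 0x0080)          # RA: server offers recursion to this client
    rcode = flags & 0x000F
    if rcode == 5:
        verdict = "refused"            # expected for a client outside "trusted"
    elif ra and rcode in (0, 3):
        verdict = "open"               # the server recursed for this client
    elif not ra:
        verdict = "no-recursion"
    else:
        verdict = "inconclusive"       # e.g. SERVFAIL with RA set
    return verdict, RCODES.get(rcode, str(rcode)), ra

def probe(server, name="example.com", timeout=3.0):
    """Query your own server once; `name` must not be a zone it hosts."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return classify_response(s.recvfrom(512)[0])

def _sample(flags):
    """Constructed response: the query above with only the flags word replaced."""
    q = build_query("example.com")
    return q[:2] + struct.pack("!H", flags) + q[4:]

SAMPLE_REFUSED = _sample(0x8105)   # QR + RD, rcode REFUSED (constructed)
SAMPLE_OPEN = _sample(0x8180)      # QR + RD + RA, rcode NOERROR (constructed)
```

Run `probe()` against your server's address once from an untrusted network and once from a trusted one; the first should not return "open", and the second should.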
