When setting up a new VPS, it is easy to overlook the little details. Services that you are not actively using often get ignored, and BIND is one of them. Unfortunately, if BIND is left switched on in its default state, it is open to recursive DNS lookups. An open recursive policy can leave your VPS vulnerable to being used in a DDoS attack. This affects not only your VPS but can also affect the whole node server and our network.
How Can I Stop Recursive Lookups in BIND?
Some commands or file names/locations are different, depending on your operating system.
The following example is for CentOS 6, the most popular installation on URPad to date:
- Log into your VPS and, if you are not already root, become root.
- Change directory to /etc using the command:
cd /etc
- Look for a file called named.conf. This is the file that needs to be changed. You can edit the file with a variety of programs available on the VPS. When in your editor, look for the following section and change it to read:
allow-transfer {"none";};
allow-recursion {"none";};
recursion no;
- Exit the editor while saving changes.
- Restart DNS by issuing the following command:
service named restart
Recursion is now removed from your VPS.
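One way to confirm the change, as an added example that is not part of the original article: `audit_named_conf` checks a config file for the three settings above, and `recursion_advertised` looks for the `ra` (recursion available) flag in `dig` output. The function names and the sample data are made up for this example.

```sh
# audit_named_conf FILE: return 0 only if all three settings are active.
# Comments (#, //, one-line /* */) are stripped first, so a commented-out
# "recursion no;" does not count as set.
audit_named_conf() {
    conf=$(sed -e 's://.*$::' -e 's:#.*$::' -e 's:/\*.*\*/::g' "$1" |
           tr -s ' \t\n' ' ')
    none=' ?\{ ?"?none"? ?; ?\} ?;'
    rc=0
    for want in "recursion no ?;" "allow-recursion$none" "allow-transfer$none"; do
        if ! printf '%s\n' "$conf" | grep -Eq "(^|[ {;])$want"; then
            echo "not set: ${want%% *}"
            rc=1
        fi
    done
    return "$rc"
}

# recursion_advertised: read `dig` output on stdin; return 0 if the reply
# header carries the "ra" (recursion available) flag.
recursion_advertised() {
    grep -Eq '^;; flags:[^;]* ra( |;)'
}

# Constructed named.conf fragment with the settings from the steps above.
sample_conf() {
    cat <<'EOF'
options {
    recursion no;
    allow-recursion { "none"; };
    allow-transfer { "none"; };
};
EOF
}

# Constructed dig header lines: before and after the change.
DIG_BEFORE=';; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
DIG_AFTER=';; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'

tmp=$(mktemp) && sample_conf > "$tmp"
if audit_named_conf "$tmp"; then echo "named.conf: recursion disabled"; fi
rm -f "$tmp"
for reply in "$DIG_BEFORE" "$DIG_AFTER"; do
    if printf '%s\n' "$reply" | recursion_advertised; then
        echo "dig: recursion still offered"
    else
        echo "dig: recursion not offered"
    fi
done
```

On the VPS, point `audit_named_conf` at /etc/named.conf; from another machine, pipe the output of `dig @YOUR_VPS_IP example.com` into `recursion_advertised`, where YOUR_VPS_IP is a placeholder for your server's address.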
Luis Pichardo says:
Thank you for this tutorial, it is good to pay attention to the little details that can bring a lot of work later…
janganan says:
Very helpful, thanks
Azhar says:
Thank you!
Appreciate this sharing