Disable Recursive Lookups in BIND

 

When setting up a new VPS, it is easy to overlook the little details. A service that you are not actively using often gets ignored, and BIND is one of those services. Unfortunately, if it is left running in its default state, it is open for recursive DNS lookups. An open recursive policy can leave your VPS open to use in a DDoS attack. This affects not only your VPS but also the whole node server and our network.

 

How Can I Stop Recursive Lookups in BIND?

Some commands or file names/locations differ depending on your operating system.

The following example is for CentOS 6, the most popular installation on URPad to date:

  1. Log into your VPS and, if you are not already, become root.
  2. Change directory to /etc using the command:

 cd /etc

  3. Look for a file called named.conf. This is the file that needs to be changed. You can edit it with any of the editors available on the VPS. In your editor, find the following section and change it to read:

// these statements belong inside the options { ... }; block
allow-transfer {"none";};
allow-recursion {"none";};
recursion no;

  4. Save your changes and exit the editor.
  5. Restart DNS by issuing the following command:

service named restart

Recursion is now removed from your VPS.
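
To confirm that the change took effect, the reply header from dig shows whether the server still offers recursion. The shell function below is an added example, not part of the original article; the sample replies are constructed, and 203.0.113.10 is a placeholder for your VPS address.

```shell
#!/bin/sh
# Added example: classify a name server as an open or closed resolver from
# the header of `dig` output. Live use, run from a host OUTSIDE the VPS
# (203.0.113.10 is a placeholder address):
#   dig @203.0.113.10 example.com A | recursion_state

# Reads dig output on stdin and prints "open", "closed" or "unknown".
recursion_state() {
    awk '
        # Header line: ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 1
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        # Flags line: ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, ...
        /^;; flags:/ {
            seen = 1
            flags = $0
            sub(/^;; flags: */, "", flags)   # drop the label
            sub(/;.*/, "", flags)            # keep only the flag words
            n = split(flags, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == "ra") ra = 1
        }
        END {
            state = "closed"                 # "ra" (recursion available) not offered
            if (ra && status != "REFUSED") state = "open"
            if (!seen) state = "unknown"     # no reply parsed (timeout or filtered)
            print state
        }
    '
}

# Constructed sample replies (not captured from a real server).
SAMPLE_OPEN=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'

SAMPLE_CLOSED=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4243
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available'

printf 'before the change: %s\n' "$(printf '%s\n' "$SAMPLE_OPEN" | recursion_state)"
printf 'after the change:  %s\n' "$(printf '%s\n' "$SAMPLE_CLOSED" | recursion_state)"
```

Query a name the VPS is not authoritative for; a result of "unknown" means no reply was parsed, so check that named is running and that port 53 is reachable before drawing a conclusion.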
