Disabling recursive queries on DNS servers

By default, cPanel doesn’t disable recursive queries on your DNS server. This can, I believe, open the door to possible attacks.

To be on the safe side, just edit the /etc/named.conf file and add the following lines, where ip1, ip2, etc. are replaced with the actual IPs of your server:

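// added : http://forums.cpanel.net/showpost.php?p=217540&postcount=27
// Hosts allowed to use this server for recursion, notifies and zone transfers
acl "trusted" {
	ip1;
	ip2;
	127.0.0.1;
};

// named.conf accepts only one options block: if one already exists, add these lines to it
options {
	// following from http://forums.cpanel.net/showpost.php?p=217540&postcount=27
	version "not currently available";	// hide the BIND version string
	allow-recursion { trusted; };		// recursive queries only from "trusted"
	allow-notify { trusted; };		// accept NOTIFY only from "trusted"
	allow-transfer { trusted; };		// zone transfers (AXFR) only to "trusted"
};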
