Discussion:
secure dns
Kattalia, Mark
2007-04-12 15:27:10 UTC
Hi, everyone.
Process Software MultiNet V4.2 Rev A-X, AlphaServer 2100A 5/300, OpenVMS AXP
V6.2-1H3


I'm looking for what other folks have done to secure their dns server so
that other networks cannot do recursive lookups. This seems to lead to
problems with cache poisoning.

If folks could relate their security settings for this, it would help me
learn.

Thanks!


Mark Kattalia
CALLAN ASSOCIATES Inc.
101 California St. Suite 3500
San Francisco, Ca. 94111
(415) 274-3099
***@callan.com
Dan Wing
2007-04-12 22:00:24 UTC
Post by Kattalia, Mark
I'm looking for what other folks have done to secure their dns server so
that other networks cannot do recursive lookups. This seems to lead to
problems with cache poisoning.
This is done with the "allow-recursion" option. Google for examples.

-d
Jeremy Begg
2007-04-13 00:57:51 UTC
Hi Mark,
Post by Kattalia, Mark
Process Software MultiNet V4.2 Rev A-X, AlphaServer 2100A 5/300, OpenVMS AXP
V6.2-1H3
Does 4.2 run BIND 8? If not, you might be out of luck.
Post by Kattalia, Mark
I'm looking for what other folks have done to secure their dns server so
that other networks cannot do recursive lookups. This seems to lead to
problems with cache poisoning.
If folks could relate their security settings for this, it would help me
learn.
My NAMED.CONF file (MultiNet 5.1) has this ...

options {
    /* Prevent remote hosts from using us for random lookups */
    allow-recursion { 127.0.0.1; 150.101.13.0/27; };
};

Recently we were hit by a remote PC which was doing hundreds, if not
thousands of these, every minute. So I put an entry into my MultiNet packet
filter file to block that PC. (Fortunately this is a rare occurrence. SSH
on the other hand is subject to this sort of thing all the time.)

Regards,

Jeremy Begg

+---------------------------------------------------------+
| VSM Software Services Pty. Ltd. |
| http://www.vsm.com.au/ |
| "OpenVMS Systems Management & Programming" |
|---------------------------------------------------------|
| P.O.Box 402, Walkerville, | E-Mail: ***@vsm.com.au |
| South Australia 5081 | Phone: +61 8 8221 5188 |
|---------------------------| Mobile: 0414 422 947 |
| A.C.N. 068 409 156 | FAX: +61 8 8221 7199 |
+---------------------------------------------------------+
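
Added example, not part of the original thread: a small Python check that reads an allow-recursion list like the one posted above and reports which client addresses it would let recurse, using first-match semantics with "!" negation. The function names are hypothetical, only literal addresses, prefixes, "any" and "none" are handled (no named ACLs or keys), and an absent option is assumed to mean recursion is unrestricted.

```python
import ipaddress
import re

# Constructed sample: the options block from the post above.
NAMED_CONF = """
options {
    /* Prevent remote hosts from using us for random lookups */
    allow-recursion { 127.0.0.1; 150.101.13.0/27; };
};
"""

def parse_allow_recursion(conf_text):
    """Return the allow-recursion elements in order, or None if the option is absent."""
    # Strip /* */, // and # comments so they cannot hide or fake the option.
    text = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf_text, flags=re.S)
    m = re.search(r"\ballow-recursion\s*\{([^{}]*)\}", text)
    if m is None:
        return None
    return [e.strip() for e in m.group(1).split(";") if e.strip()]

def recursion_allowed(elements, client_ip):
    """First matching element decides; '!' negates it; no match means deny."""
    if elements is None:
        return True  # assumption: option absent means recursion is not restricted
    addr = ipaddress.ip_address(client_ip)
    for elem in elements:
        negated = elem.startswith("!")
        spec = elem.lstrip("!").strip()
        if spec == "any":
            hit = True
        elif spec == "none":
            hit = False
        else:
            hit = addr in ipaddress.ip_network(spec, strict=False)
        if hit:
            return not negated
    return False

if __name__ == "__main__":
    acl = parse_allow_recursion(NAMED_CONF)
    # Constructed client addresses: loopback, inside and just outside the /27, unrelated.
    for ip in ("127.0.0.1", "150.101.13.31", "150.101.13.32", "192.0.2.10"):
        print(ip, "recursion allowed" if recursion_allowed(acl, ip) else "recursion denied")
```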
