Don't leave your DNS server open. An open DNS server can be exploited and is especially vulnerable to attacks such as DoS and DNS cache poisoning.
An open DNS server is a server that answers recursive DNS queries from anyone. Put simply, the server performs lookups and answers queries coming from your own network and also from the outside world.
For example, if you want the IP address of google.com, your DNS server resolves the name and answers with the IP address, and it does the same for an attacker sitting on the other side of the world.
To test this, you can use dig from the command line.
dig @server query
dig @1.2.3.4 example.com (run it from inside your network)
dig @1.2.3.4 example.com (run it from a different server outside your network, for the attacker's view)
where 1.2.3.4 is the IP address of your DNS server.
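The same check as a small script, added here as an example and not part of the original post: it reads dig output and reports the server as open only when the reply header carries the ra (recursion available) flag, status NOERROR and at least one answer. The function name classify_dig and both sample replies are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify dig output as "open" or "closed".
# classify_dig and the sample replies below are constructed, not from the post.

# Reads dig output on stdin and prints "open" or "closed".
classify_dig() {
    awk '
        /^;; ->>HEADER<<-/ {
            # e.g. ";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242"
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {
            # e.g. ";; flags: qr rd ra; QUERY: 1, ANSWER: 1, ..."
            flags = $0
            sub(/^;; flags:/, "", flags)   # drop the label
            sub(/;.*/, "", flags)          # keep only the flag names
            ra = ((" " flags " ") ~ / ra /)
            for (i = 1; i < NF; i++)
                if ($i == "ANSWER:") answers = $(i + 1) + 0
        }
        END {
            # Open = recursion offered AND the lookup was actually answered.
            result = "closed"
            if (ra && status == "NOERROR" && answers > 0) result = "open"
            print result
        }
    '
}

# Constructed sample: a server that recursed for an outside client.
SAMPLE_OPEN=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'

# Constructed sample: a server with recursion disabled.
SAMPLE_CLOSED=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4243
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available'

printf '%s\n' "$SAMPLE_OPEN"   | classify_dig   # open
printf '%s\n' "$SAMPLE_CLOSED" | classify_dig   # closed

# Real use, from a host outside your network (1.2.3.4 = your DNS server):
#   dig @1.2.3.4 example.com | classify_dig
```

Query a name your server is not authoritative for; an authoritative answer comes back without the ra flag and is reported as closed.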
How to deny recursive queries?
To prevent your DNS server from being open, deny all recursive queries. For a DNS server running BIND, all you need to do is put one line inside the options { block.
Open /etc/named.conf
Look for the line options { and add within that block:
recursion no;
Once you disable recursion, zone notifications, and zone transfers, you should be on the safer side.




