Disable Recursive DNS (Linux / Windows)

DNS is used to translate hostnames into IP addresses. When DNS servers are misconfigured, they can be used to conduct DDOS attacks using your dedicated server. We recommend that all public DNS servers are configured to not permit recursive DNS queries.  This configuration will still allow DNS for your domain names to work properly, but will prevent abuse.

On Linux machines, there are a few common DNS servers:

BIND:
  1. Open your BIND configuration file
  2. In the 'options' section, make sure you have 'recursion no;' and 'additional-from-cache no;'
  3. Restart BIND after making any changes

DNSMasq:

Unfortunately, there is not a straight forward way to disable this within DNSMasq.  You would either need to modify the DNSMasq configuration so that it no longer listens on public IP addresses, or firewall off UDP port 53 to all hosts except your desired ones.

If for some reason you cannot make the necessary changes and you are not hosting your own DNS, we would suggest that you firewall off all incoming UDP port 53 traffic.
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

Changing the Default SSH Port (Linux / CentOS)

SSH is one of the most commonly attacked services as it provides easy access to full control of...

Changing the Default SSH Port (Linux / Ubuntu / Debian)

SSH is one of the most commonly attacked services as it provides easy access to full control of a...

Disabling SSDP (Linux / Windows)

SSDP is used by some consumer-level equipment for network discovery.  It does not have any real...

Enabling and basic configuration of the firewall settings (Linux / Ubuntu)

Enabling the firewall will help you protect your dedicated server from unwanted connections to...

Securing NTP (Linux Only)

NTP is used for ensuring the time on your dedicated server is accurate. Some configurations of...

Powered by WHMCompleteSolution