Differences

This shows you the differences between two versions of the page.

--- ubuntu:dns:open_dns_server [2020/07/15 09:30] – external edit 127.0.0.1
+++ ubuntu:dns:open_dns_server [2021/01/10 21:13] (current) – removed peter
@@ Line 1: / Line 1: @@
-====== Ubuntu - DNS - Open DNS Server ======
-Running the dns server 'open' is a big security risk since it answers recursive queries both from inside and outside your network.
-It means anyone can query your server for IP address and your dns server will answer them.
-To illustrate this, we have two nameservers running bind for domain example.com.
-<code bash>
-ns1.example.com
-ns2.example.com
-</code>
-We ask ns1.example to resolve outside domain google.com and if we get IP address (A record) in the answer section, then it means it is an 'open dns server'.
-<code bash>
-dig @ns1.example.com google.com
-dig @ns2.example.com google.com
-;; global options:  printcmd
-;; Got answer:
-;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 12107
-;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
-;; QUESTION SECTION:
-;google.com.                    IN      A
-;; Query time: 32 msec
-</code>
-Since there is no ANSWER section or IP address both the nameservers does not constitute open dns server.
-If you happen to run bind8 or later, all you have to do is set '**recursion no**' within options to disable dns server answering recursive queries.
-<code bash>
-options {
-....
-recursion no;
-}
-</code>