Date:  Fri, 5 May 2006 01:51:23 -0700
From:  "Bruce Timberlake" <brucetimberlake (at mark) gmail.com>
Subject:  [coba-e:05041] Re: Open DNS Servers
To:  coba-e (at mark) bluequartz.org
Message-Id:  <f76f5d3e0605050151i5c5df842k7db2fce41fae63c7 (at mark) mail.gmail.com>
In-Reply-To:  <200605050816.k458GJVQ058216 (at mark) info.eis.net.au>
References:  <040401c67013$3e5e1300$0200a8c0 (at mark) PORTABLE2>	 <200605050816.k458GJVQ058216 (at mark) info.eis.net.au>
X-Mail-Count: 05041

You need to prevent recursive lookups from all non-trusted sources.
Add a directive to your /etc/named.conf like this:

  allow-recursion { your.ip.add.ress; another.trusted.ip.addr; };

See these sites for some more info:

http://www.dyndns.com/about/company/notify/archives/the_dangers_of_open_recursive_dns.html
http://www.zytrax.com/books/dns/ch7/queries.html
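
Added example, not part of the original message: a small Python audit that reads named.conf text and reports whether recursion is disabled, restricted by allow-recursion, or open. The sample configs, addresses and the function names strip_comments and audit_recursion are constructed for illustration; it assumes that a missing allow-recursion directive leaves recursion open to all clients, which you should confirm for your BIND version.

```python
import re

# Constructed sample configs (not from the original message).
OPEN_CONF = """
options {
    directory "/var/named";   // no allow-recursion: anyone may recurse
};
"""
RESTRICTED_CONF = """
acl trusted { 192.0.2.10; 198.51.100.0/24; };
options {
    directory "/var/named";
    # only trusted clients may recurse
    allow-recursion { trusted; 127.0.0.1; };
};
"""

def strip_comments(text):
    """Remove /* */, // and # comments (does not handle these inside quotes)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def audit_recursion(conf_text):
    """Return (status, entries) for the first recursion policy found."""
    text = strip_comments(conf_text)
    if re.search(r"\brecursion\s+no\s*;", text):
        return ("disabled", [])
    m = re.search(r"\ballow-recursion\s*\{([^}]*)\}\s*;", text)
    if m is None:
        # Assumption: no directive means recursion is unrestricted.
        return ("open", [])
    entries = [e.strip() for e in m.group(1).split(";") if e.strip()]
    wide = {"any", "0.0.0.0/0", "::/0"}
    if any(e.lower() in wide for e in entries):
        return ("open", entries)
    return ("restricted", entries)

if __name__ == "__main__":
    for name, conf in (("open", OPEN_CONF), ("restricted", RESTRICTED_CONF)):
        print(name, audit_recursion(conf))
```

The check only looks at the first allow-recursion statement it finds, so a config that uses views needs each view inspected separately.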