Hi, when I check my site's name servers on dnsreport.com, I see that "Open DNS servers" is red and it says "FAIL". I think this is a security problem? If it's a security problem, how can I solve it? My server is a Linux server. Thanks for your help.
It means that anyone in the world can use your DNS as a nameserver, and if they abuse it, millions of DNS queries from out there (like AOL etc.) could be processed on your machine.

For your signature sites I see only 2 totally different NS: TURKCEBILGI.NET and dnsmadeeasy.com. None of them has the warning you mention. Without precise NS information there is no help possible.

Assuming that you are talking about the NS turkcebilgi.net, you have a number of warnings but NOT the mentioned one.

The additional warnings for turkcebilgi.net nameservers:
1. Nameservers on separate class C's
2. Single Point of Failure
3. SOA REFRESH value
4. SOA EXPIRE value

In addition you have 1 FAIL:
1. Connect to mail servers

Warnings 1 and 2 can be solved by moving your NS to another location - at least one of the two should physically be at a different location, different server/different country/continent - for example by moving one of the 2 to a free DNS hosting service such as http://www.zoneedit.com

Since you appear to run the 2 a.m. NS on your machine, I recommend you make your machine-hosted NS the primary (master) and your external one the slave (secondary) to have both synchronized. Remember to change the serial number of your NS if you make any changes.

If however you are talking about ANOTHER NS, then please let me know which one, to better help you. Usually the dnsreport.com NS reports contain a reference to the solution.

For your reference: http://tldp.org/HOWTO/DNS-HOWTO.html chapter 6.2 "Protecting against spoofing" (http://tldp.org/HOWTO/DNS-HOWTO-6.html#ss6.2) gives you the configuration details for your security problem.

Hello,
by SSH, open the file named.conf:
    pico /etc/named.conf
Find this line:
    options {
Below it add this:
    recursion no;
Close the file and restart the named service, and no more open DNS.

I'm sorry, I forgot to update this thread. I have solved my problem.
* First type nano /etc/named.conf in SSH.
* Add
    acl "trusted" {mainip;nameserverips;127.0.0.1;};
  after the
    controls { inet 127.0.0.1 allow { localhost; } keys { "rndckey"; }; };
* After this, add
    allow-recursion { trusted; };
    allow-notify { trusted; };
    allow-transfer { trusted; };
  after the
    options { directory "/var/named";
And at last, restart your name server. The problem will be solved.

Careful, if they were using the server as a resolver for themselves you'll knock them out of service. -Raymond
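
One way to confirm from outside that the `recursion no;` or `allow-recursion { trusted; };` change took effect, as an added example that is not part of any post in this thread: send your own name server a recursive query for a name it is not authoritative for and read the reply header. The function names and sample replies are made up for this sketch, and it assumes that a REFUSED rcode or a cleared RA (recursion available) flag means recursion is closed to the querying host.

```python
import socket
import struct
import sys

QID = 0x1234  # fixed query ID, fine for a one-shot check

def build_query(name):
    """DNS A/IN query with the RD (recursion desired) bit set."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return struct.pack("!HHHHHH", QID, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def classify(reply):
    """Return 'open', 'closed' or 'invalid' for a reply to build_query()."""
    if len(reply) < 12:
        return "invalid"
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != QID or not flags & 0x8000:      # wrong ID, or not a response (QR=0)
        return "invalid"
    rcode = flags & 0x000F
    ra = bool(flags & 0x0080)                 # RA: server offers recursion to this client
    if rcode == 5 or not ra:                  # REFUSED, or recursion not available
        return "closed"
    return "open"

def probe(server, name="example.com", timeout=3.0):
    """Query `server` over UDP/53 for a name it is NOT authoritative for."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        try:
            reply, _ = s.recvfrom(512)
        except socket.timeout:
            return "no-reply"
    return classify(reply)

# Constructed sample replies (header + question, answer records omitted), not captured traffic.
QUESTION = build_query("example.com")[12:]
SAMPLE_OPEN = struct.pack("!HHHHHH", QID, 0x8180, 1, 1, 0, 0) + QUESTION     # RA=1, NOERROR
SAMPLE_REFUSED = struct.pack("!HHHHHH", QID, 0x8105, 1, 0, 0, 0) + QUESTION  # rcode=REFUSED
SAMPLE_NO_RA = struct.pack("!HHHHHH", QID, 0x8100, 1, 0, 0, 0) + QUESTION    # RA=0

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(sys.argv[1], probe(sys.argv[1]))  # run from a host outside the "trusted" acl
    else:
        for label, sample in (("open", SAMPLE_OPEN), ("refused", SAMPLE_REFUSED), ("no RA", SAMPLE_NO_RA)):
            print(label, "->", classify(sample))
```

Run it with the name server's IP as the argument from a machine that is not listed in the "trusted" acl; a query from a trusted address is expected to still report "open".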