Blocking DNS from outsider


pluk
05-17-2004, 09:16 AM
Is there a way to close the DNS (or no relaying)??? Anywhere we specify this out?

Thanks!

jlasman
05-17-2004, 09:18 AM
Please clarify your question, pluk.

What do you mean?

I'm not sure what DNS has to do with relaying, and your question isn't clear to me.

Jeff

pluk
05-17-2004, 09:21 AM
For example, I can presently use the Direct Admin server 1 (DA1) as my DNS server. Many times, people use this to relay mails or even to pull records. This could cause severe slowdown to the server.

Any way to prevent people from using this DNS as their client machine's DNS?

Sorry if I'm not too clear.

jlasman
05-17-2004, 09:35 AM
Originally posted by pluk:
> For example, I can presently use the Direct Admin server 1 (DA1) as my DNS server. Many times, people use this to relay mails

By default, the only people who can use your server to relay email would be your email users. And you can shut them out as well, but that's a different topic.

> or even to pull records. This could cause severe slowdown to the server.

DNS is a very efficient protocol; we serve DNS for many thousands of sites on 300 MHz systems and we never get even measurable server load.

That said, it's not a good idea to allow anyone to use your server for "recursive" queries; that is, queries for sites for which you're not authoritative.

> Any way to prevent people from using this DNS as their client machine's DNS?

We use the "recursion no;" statement as part of the options in our /etc/named.conf file.

However, if you do that, then not even your machine can use your DNS server to find DNS records. So you'll have to use someone else's DNS servers for your system's DNS resolution.

To do that you'll have to find one or more DNS servers you can use for recursive lookups (that's lookups of domains for which your server is NOT authoritative), and list it/them in your /etc/resolv.conf file.

It's important to know that the latter is a MUST; if you don't do it your server won't work.

We use DNS servers provided by our bandwidth provider for recursive DNS, and we list them in our /etc/resolv.conf file.

For instructions for the resolv.conf file see "man resolv.conf".

Jeff
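
The pairing described in the reply above ("recursion no;" in named.conf, plus other resolvers listed in /etc/resolv.conf) can be checked before named is restarted. This is an added example, not part of the original thread; the function names are hypothetical and the sample file contents are constructed.

```python
import ipaddress
import re

# Constructed sample files, not taken from the thread. 192.0.2.0/24 is the
# documentation range, standing in for the bandwidth provider's resolvers.
NAMED_CONF = """
options {
    directory "/var/named";
    // answer only for zones this server is authoritative for
    recursion no;
};
"""
RESOLV_OK = "search example.com\nnameserver 192.0.2.53\nnameserver 192.0.2.54\n"
RESOLV_BAD = "# still pointing at the local named\nnameserver 127.0.0.1\n"

def options_block(named_conf):
    """Body of the options { ... } block, comments stripped, nested braces skipped."""
    text = re.sub(r"/\*.*?\*/|(//|#)[^\n]*", "", named_conf, flags=re.S)
    m = re.search(r"\boptions\s*\{", text)
    depth, start = 1, (m.end() if m else len(text))
    for i in range(start, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[start:i]
    return ""

def recursion_disabled(named_conf):
    """True only for an uncommented 'recursion no;' (BIND also accepts false/0)."""
    m = re.search(r"(?<![\w-])recursion\s+(\w+)\s*;", options_block(named_conf))
    return bool(m) and m.group(1).lower() in ("no", "false", "0")

def is_local(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return True  # unparsable entry: not a usable resolver
    return ip.is_loopback or ip.is_unspecified

def external_resolvers(resolv_conf):
    """nameserver entries in resolv.conf that do not point back at this host's loopback."""
    rows = (re.split(r"[#;]", ln)[0].split() for ln in resolv_conf.splitlines())
    return [r[1] for r in rows if len(r) > 1 and r[0] == "nameserver" and not is_local(r[1])]

def check(named_conf, resolv_conf):
    if not recursion_disabled(named_conf):
        return "recursion-enabled"
    if not external_resolvers(resolv_conf):
        return "no-external-resolver"  # the host itself can no longer look up names
    return "ok"
```

The check only recognises loopback entries as local; a resolv.conf line that lists the server's own public address would need to be compared against the host's interfaces separately.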