DNS-based attacks are becoming increasingly common. This one small change can help prevent your server from being unwittingly used to attack other servers.
Step 1: SSH into your server
Ensure you are the root user, as only root will have access to the needed files and commands.
Step 2: Back up your existing NameD configuration.
Backing up your existing configuration ensures that any mistakes you make can be reverted. This command will make a backup of the file with the current date appended to the end.
[~]# cp /etc/named.conf /etc/named.conf.`date +"%m_%d_%Y_%H_%M"`
Step 3: Edit the current configuration:
This can be a bit tricky if you’ve customized your configuration at all, but you’ll basically be looking for any part or parts of your named.conf file that say ‘options’. In mine it looks like this:
options {
allow-transfer {"none";};
};
You want to update it to look like this:
options {
allow-recursion { "none"; };
allow-transfer {"none";};
};
It’s also possible you will have lines inside other subsections that will look like this:
recursion yes;
You will want to update those to make sure that they say no:
recursion no;
Step 4: Check your new named.conf for errors.
Always, always check your work before you restart the services to prevent unwanted downtime:
[~]# named-checkconf /etc/named.conf
If that shows errors, you will want to correct them before you continue on.
Step 5: Restart NameD
If you are error free, just restart NameD to allow your changes to take effect:
[~]# /etc/init.d/named restart
You can ensure that named is running in a couple of different ways, but the easiest are probably these:
[~]# ps auxf | grep named | grep -v grep
named 1392 0.0 0.5 160288 4496 ? Ssl Jan26 0:09 /usr/sbin/named -u named
[~]# dig +short @localhost encylia.com
209.59.144.119
If you don’t see NameD in the process list, or don’t get a response from your server when using Dig, you’ll want to seek immediate assistance. You can also restore your backed-up configuration file and restart named to get it back online quickly.
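The dig check in Step 5 asks for a domain the server itself hosts, so it still answers with recursion switched off. The script below is an added example, not part of the original write-up: it reads dig output and reports whether the server still offers recursion for names it does not host. The function names and the sample dig replies are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and the sample dig output are constructed.

# Classify a dig reply read on stdin by its header lines:
#   open        - recursion offered (ra flag set and status not REFUSED)
#   closed      - recursion refused or not offered
#   no-response - no DNS header at all (timeout, named not running)
classify_dig() {
    awk '
        /->>HEADER<<-/ { seen = 1; if ($0 ~ /status: REFUSED/) refused = 1 }
        /^;; flags:/ {
            sub(/^;; flags:/, ""); sub(/;.*/, "")   # keep only the flag words
            n = split($0, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == "ra") ra = 1
        }
        END {
            if (!seen) print "no-response"
            else if (ra && !refused) print "open"
            else print "closed"
        }'
}

# Live check: SERVER is your name server, NAME is a domain it does NOT host.
# Run it from a different machine so you see what outside clients see.
check_server() {
    dig @"$1" "$2" A +time=3 +tries=1 2>/dev/null | classify_dig
}

# Constructed reply from a server that still recurses for anyone.
sample_open() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
EOF
}

# Constructed reply after the change in Step 3.
sample_closed() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4243
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
EOF
}

echo "before: $(sample_open | classify_dig)"
echo "after:  $(sample_closed | classify_dig)"
```

To test a live server, source the file and call check_server with your server's address and a domain hosted elsewhere; the result you want after Step 5 is closed.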
Good luck, and congratulations on making your server more secure!