Jump to content

recursive nameservers


Recommended Posts

I've been using various tools to test out many domain names nameservers to see if they were OPEN/RECURSIVE, and my findings are bad. I tested about 400 various domain names for these open nameservers, and atleast 90% of the ones i tested were recursive.

What does this mean? It means that anyone can query a recursive nameserver for domains it's not  authoritative for. If a bad guy wanted he/she could use these open nameservers as a Denial Of Service tool, and more. Then you also have to worry about cache posining the list goes on. I mainly write this for those who run their own DNS to make sure you do not have open nameservers, and if you do to close them.

If you run BIND you can easily close them by adding this line to either your named.conf or named.conf.options in /etc/bind/

allow-recursion {localnets; };

This line  tells bind to only act recursively for systems that are part of the same logical subnet as the Bind server. For Microsoft based DNS servers there is usually only an on off option for recursion which makes it harder to fix than for bind. Anyway i hope this helps my fellow geeks. Later!

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...