Configuring DNS servers securely

Article translated by machine

This text is a machine translation. A revised version is planned.

For Server-products with administration rights

In this article we will show you how to configure the DNS server of your Servers securely.

This ensures that third parties do not use or misuse your server for a so-called DNS amplification attack.

We show you how to check the configuration of your DNS server for this vulnerability in the article Check DNS Server for Security against Amplification Attacks.

The procedure depends on whether you manage your DNS server services using Plesk or manually on a Linux or Windows server.

Plesk

If you administer your server using Plesk, log into your Plesk panel.

Under Server > DNS Template Settings > DNS Recursion, set the option Deny using Set.

Manual setting ( Linux Server)

If you configure your DNS server manually, set the following setting in the configuration file of your DNS server (named.conf):

allow-recursion {"none”;};
recursion no;
Manual setting ( Windows Server)

To disable DNS recursion on a Windows Server (from 2008 R2), Microsoft provides instructions on the Technet pages.