My Linux

This post was originally written for xmodulo . The DNS server that we have created in the  previous tutorial  is an open DNS resolver. An open resolver does not filter any incoming requests, and accepts queries from any source IP address. Unfortunately, an open resolver can become an easy target to attackers. For example, attackers can initiate a Denial of Service (DoS) or even worse, a Distributed Denial of Service (DDoS) attack on the open DNS server. These attacks can also be combined with IP spoofing, where all the reply packets will be directed to a victim’s spoofed IP address. In another attack scenario called  DNS amplification attacks , an open DNS server can actively participate in the attacks. According to  openresolverproject.org , it is not advisable to run an open resolver unless necessary. Most companies keep their DNS servers accessible to only their customers. This tutorial will focus on how to configure a DNS server so that it stops being an o...