Open DNS servers

Discussion in 'Security' started by trichnosis, Apr 11, 2007.

  1. #1
    Hi;

    When I check my site's name servers at dnsreport.com, I see "Open DNS servers" is red and it says "FAIL".

    I think this is a security problem?

    If it's a security problem, how can I solve it?

    My server is a linux server

    Thanks for your help
     
    trichnosis, Apr 11, 2007 IP
  2. hans

    #2
    it means that anyone in the world can use your DNS as a nameserver
    and if they would abuse it - millions of DNS queries from out there - like AOL etc could be processed on your machine :)
     
    hans, Apr 11, 2007 IP
  3. trichnosis

    #3
    So how do I solve this problem?
     
    trichnosis, Apr 11, 2007 IP
  4. hans

    #4
    for your signature sites i see only 2 totally different NS
    TURKCEBILGI.NET
    and
    dnsmadeeasy.com

    none of them has the warning you mention
    without precise NS information there is no help possible

    assuming that you are talking about the NS turkcebilgi.net you have a number of warnings but NOT the mentioned one. the additional warnings

    warnings for turkcebilgi.net nameservers:

    1. Nameservers on separate class C's
    2. Single Point of Failure
    3. SOA REFRESH value
    4. SOA EXPIRE value

    in addition
    you have 1 FAIL

    1. Connect to mail servers

    warnings 1 and 2 can be solved by moving your NS to another location - at least one of the two should physically be at a different location, different server/different country/continent - for example by moving one of the 2 to a free DNS hosting service such as

    http://www.zoneedit.com

    since you appear to run the 2 a.m. NS on your machine - I recommend you make your machine hosted NS the primary ( master ) and your external the slave ( secondary ) to have both synchronized.

    remember to change the serial number of your NS if you make any changes

    If however you are talking about ANOTHER NS - then please let me know which one to better help you
    usually the dnsreport.com NS reports contain a reference to the solution.

    for your reference
    http://tldp.org/HOWTO/DNS-HOWTO.html

    chapter

    6.2 Protecting against spoofing
    http://tldp.org/HOWTO/DNS-HOWTO-6.html#ss6.2

    gives you the configuration details for your security problem
     
    hans, Apr 11, 2007 IP
  5. Estevan

    #5
    hello
    by ssh open file named.conf
    pico /etc/named.conf

    find this line
    options {
    below add this
    recursion no;

    close file restart named service

    and no more open dns
     
    Estevan, Apr 11, 2007 IP
  6. trichnosis

    #6
    I'm sorry, I forgot to update this thread. I have solved my problem.

    * first type nano /etc/named.conf in ssh

    * add acl "trusted" {mainip;nameserverips;127.0.0.1;};
    after the
    controls { inet 127.0.0.1 allow { localhost; } keys { "rndckey"; }; };

    * after this add

    allow-recursion { trusted; };
    allow-notify { trusted; };
    allow-transfer { trusted; };

    after the

    options {
    directory "/var/named";
    and at last restart your name server. The problem will be solved
     
    trichnosis, Apr 11, 2007 IP
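
Added example, not part of any post in this thread: a way to confirm from outside that the "recursion no;" or "allow-recursion { trusted; };" change took effect, by sending a recursive query for a name the server is not authoritative for and reading the RA (recursion available) bit of the reply. The function names, the query ID and the sample reply headers are constructed for illustration; it assumes the server clears RA for clients it will not recurse for, as BIND does.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234):
    """Build an A-record query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(data, qid=0x1234):
    """Return (verdict, rcode) for a reply to build_query().

    The RA bit says whether the server offers recursion to the asking
    address; a closed server clears it and answers REFUSED or a referral.
    """
    if len(data) < 12:
        return ("malformed", None)
    rid, flags = struct.unpack("!HH", data[:4])
    if rid != qid or not flags & 0x8000:      # wrong ID or not a response
        return ("malformed", None)
    rcode = RCODES.get(flags & 0x000F, str(flags & 0x000F))
    return ("open" if flags & 0x0080 else "closed", rcode)

def check_server(ip, name="example.com", timeout=3.0):
    """Query ip over UDP/53 for a name it is not authoritative for."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (ip, 53))
            data, _ = s.recvfrom(512)
        except OSError:                       # timeout, unreachable, etc.
            return ("no-response", None)
    return classify_response(data)

if __name__ == "__main__":
    # Constructed reply headers (ID, flags, QD, AN, NS, AR), not captured traffic.
    samples = {
        "before fix": struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0),
        "after fix": struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0),
    }
    for label, pkt in samples.items():
        print(label, classify_response(pkt))
```

Run check_server() against your own nameserver from a host that is not in the "trusted" ACL; from a trusted address the server is expected to report "open".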
  7. popowich

    #7

    Careful, if they were using the server as a resolver for themselves you'll knock them out of service. ;)

    -Raymond
     
    popowich, Apr 22, 2007 IP
  8. Outstrip

    #8
    This applies for the VPS servers who are using virtuozzo or vmware :)

    Regards
     
    Outstrip, Apr 22, 2007 IP
  9. popowich

    #9
    Keep growing the site and the rate of return will increase. ;)

    -Raymond
     
    popowich, Apr 22, 2007 IP