Score:-1

BIND9 installed on CentOS security points


Hope you are all doing well.

Actually, we are running DNS servers on CentOS using BIND9; they are recursive/authoritative.

My question is: is there any way to filter/stop/limit DNS queries based on types like (TXT, NXDOMAIN, etc.)?

Thanks in advance.

Regards, Frank

Patrick Mevzek
Your question is too broad and lacks too many details. You should look at RRL and RPZ as BIND features that could provide at least parts of the solution, besides basic ACLs (not sure what you mean by filter clients: your recursive nameservers shouldn't be open to the world, while your authoritative ones have to). Your first step, however, would be to make sure to separate authoritative from recursive service.
Franks_Emma
@PatrickMevzek Thanks for your answer, I will take a look at RPZ. To my knowledge, I don't think that we can filter query types like A records or client IP addresses; to be honest, I know about the RPZ feature and I think it can't do this. And since UDP port 53 is open, if one client is compromised, how can we protect DNS servers from those DNS attacks? I'm not sure that PSAD can block and identify those attacks using signatures. Meanwhile, do you have any idea how to detect DNS attacks, or is it sufficient to use PSAD and iptables, with no need for a SIEM? Thanks in advance.
Patrick Mevzek
"if one client is compromised how we can protect dns servers from those DNS attacks" Any way you ask, before jumping to solutions, you will need to explain exactly which attack you are trying to protect against (without a laundry list), because it is not clear what one client can do to a DNS server in your view.
Franks_Emma
@Patrick Mevzek, I agree it's not well explained on my side. So, like DNS tunneling, since UDP port 53 is open in iptables: can the tool PSAD identify DNS attacks based on signatures? Thanks in advance, Patrick.
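
On the detection question raised in the comments, an added example that is not part of the original thread or written by any participant: Python that reads BIND 9 query-log lines and reports clients whose traffic is dominated by TXT queries or by very long query names, two common indicators of DNS tunneling. The sample log lines, thresholds and function names are assumptions made for illustration.

```python
import re
from collections import Counter

def _line(ip, qname, qtype):
    # Shape of a BIND 9 query-log line (query logging: `rndc querylog on`).
    return (f"client @0x7f3c5c0a {ip}#40001 ({qname}): "
            f"query: {qname} IN {qtype} +E(0)K (192.0.2.1)")

# Constructed sample traffic (documentation addresses, not real data).
_ENC = "ab12cd34" * 7  # stand-in for a 56-character encoded label
SAMPLE_LOG = "\n".join(
    [_line("192.0.2.10", n, t) for n, t in [
        ("www.example.com", "A"), ("www.example.com", "AAAA"),
        ("mail.example.com", "MX"), ("example.com", "TXT")]]
    + [_line("192.0.2.66", f"{_ENC}.t.example.net", "TXT")] * 5)

LINE_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ \(\S+\): "
    r"query: (?P<qname>\S+) IN (?P<qtype>\S+)")

# Assumed thresholds; tune against your own baseline traffic.
MAX_QNAME_LEN = 60   # long names suggest data packed into labels
MAX_SHARE = 0.5      # fraction of a client's queries that may trip a rule
MIN_QUERIES = 4      # skip clients with too few queries to judge

def parse(log):
    """Yield (client_ip, qname, qtype) for each query-log line."""
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["ip"], m["qname"].rstrip("."), m["qtype"].upper()

def suspicious_clients(log):
    """Return {client_ip: [reasons]} for clients exceeding the thresholds."""
    total, txt, long_names = Counter(), Counter(), Counter()
    for ip, qname, qtype in parse(log):
        total[ip] += 1
        txt[ip] += qtype == "TXT"
        long_names[ip] += len(qname) > MAX_QNAME_LEN
    report = {}
    for ip, n in total.items():
        if n < MIN_QUERIES:
            continue
        reasons = [label for label, hits in (
            ("high TXT share", txt[ip]), ("long query names", long_names[ip]))
            if hits / n > MAX_SHARE]
        if reasons:
            report[ip] = reasons
    return report
```

Calling `suspicious_clients()` on the text of a real query log gives a per-client report that can feed an alert or a candidate list for an ACL or RPZ entry.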