How to secure DNS server

DNS underpins most internet applications: email, messengers, web browsing and so on. But because it works quietly in the background, we tend to forget this extensively used service is there. As a result, server administrators overlook vulnerabilities in the DNS service, and attackers readily exploit them.

Securing a server covers its server software and application software, its file system, its network, and its physical security. We have already covered the entire list in our previous post. Today, we’ll take a more focused look at how to secure a DNS server.

1. Protect server information

Every piece of server software carries a version number. Attackers can identify the DNS server version with a simple DNS lookup, look up the known vulnerabilities of that version, and attack the DNS server with them.

Hiding the software version increases the effort an attacker must put in to attack the DNS server. That makes the attack harder and so helps to protect the DNS server.

2. Limit recursive queries

A DNS server that handles recursive queries forwards a query on to other DNS servers when it does not hold the record itself. Too many recursive queries can hog the server’s memory.

An open DNS server accepts queries from everyone, so malicious users can query it too. This often exposes the server to risks such as DoS attacks and cache poisoning.

DoS attacks clog network traffic by sending too many requests to the DNS server, making it unresponsive. In cache poisoning, attackers send crafted queries to the DNS server and gain control over the server’s traffic.


One way to limit recursive queries is to configure a closed DNS server, which accepts recursive queries only from a trusted set of clients. We can also cap the number of clients the DNS server serves concurrently, or turn off recursion altogether.
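Both points above, hiding the version (section 1) and limiting recursion (section 2), map onto a few lines of BIND’s named.conf. The `options` block below is an added example written for this post, not configuration from the original article; it assumes BIND 9, and the client networks in the `trusted` ACL are constructed placeholders. By default BIND answers the CHAOS-class TXT query `version.bind` with its real version string, which is exactly what an attacker’s `dig @server version.bind CH TXT` lookup reveals; the `version` option replaces that answer.

```conf
// Added example for this post, not the article's own configuration.
// Assumes BIND 9; the network ranges below are constructed placeholders.

// Clients that are allowed to use this server as a recursive resolver.
acl "trusted" {
    127.0.0.1;
    192.168.1.0/24;   // placeholder: replace with your internal networks
};

options {
    directory "/var/cache/bind";

    // 1. Protect server information.
    // Without a "version" option BIND returns its real version string for
    // the CHAOS TXT query "version.bind"; this substitutes a fixed text.
    version "not disclosed";
    // The "hostname.bind" and "id.server" CHAOS queries reveal the host
    // name the same way, so hide those too.
    hostname none;
    server-id none;

    // 2. Limit recursive queries.
    // Keep recursion on, but only for the trusted ACL above. Everyone else
    // still gets authoritative answers for the zones this server hosts,
    // which makes it a closed resolver rather than an open one.
    recursion yes;
    allow-recursion { trusted; };
    allow-query-cache { trusted; };

    // Cap the number of recursive lookups in flight so a burst of queries
    // cannot exhaust the server's memory (1000 is BIND's default).
    recursive-clients 1000;

    // On a purely authoritative server, turn recursion off entirely instead:
    // recursion no;
};
```

After editing, run `named-checkconf` to catch syntax errors before reloading. To confirm the change took effect, query the server from a host outside the `trusted` ranges: the `version.bind` lookup should now return the placeholder text, and a recursive query for a name the server is not authoritative for should be answered with REFUSED rather than resolved.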

