HostOnNet Blog

Open DNS servers

When checking a domain at dnsreport, it shows the warning

ERROR: One or more of your nameservers reports that it is an open DNS server.

This can be fixed by editing /etc/named.conf

The default “options” block will be

options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;
};

Add the following inside the options block, so that only the listed addresses are allowed to make recursive queries

    allow-recursion {
        127.0.0.1;
        72.232.50.98;
        72.232.50.99;
        72.232.50.100;
        72.232.50.101;
    };

72.232.50.98, 72.232.50.99, 72.232.50.100 and 72.232.50.101 are the IPs of the server. Replace them with your server's IPs.

You can find the IPs configured on your server with the command ifconfig

After editing, options will look like

options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";

    allow-recursion {
        127.0.0.1;
        72.232.50.98;
        72.232.50.99;
        72.232.50.100;
        72.232.50.101;
        72.232.50.102;
    };

    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;
};
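
To confirm the result from a host that is not in the allow-recursion list, the sketch below sends a recursive query to your own nameserver and inspects the RA (recursion available) flag and response code of the reply. It is an added example, not part of the original post; the function names, the query id and the test name example.com are assumptions, and the two sample replies are constructed.

```python
import socket
import struct

QID = 0x1234  # arbitrary query id for this example

def build_query(name, qid=QID):
    """DNS A/IN query with the RD (recursion desired) flag set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(response, qid=QID):
    """Return 'open', 'closed' or 'malformed' for a raw DNS response."""
    if len(response) < 12:
        return "malformed"
    rid, flags = struct.unpack("!HH", response[:4])
    if rid != qid or not flags & 0x8000:   # wrong id, or QR bit not set
        return "malformed"
    ra = bool(flags & 0x0080)              # RA: recursion available
    rcode = flags & 0x000F
    if ra and rcode != 5:                  # 5 = REFUSED
        return "open"
    return "closed"

def check_server(server_ip, name="example.com", timeout=3.0):
    """Query server_ip over UDP/53; run from a host NOT in allow-recursion."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server_ip, 53))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return "no-response"
    return classify(data)

def sample_response(flags, answers=0):
    """Constructed 12-byte header standing in for a captured reply."""
    return struct.pack("!HHHHHH", QID, flags, 1, answers, 0, 0)

# Constructed samples: recursive answer (QR|RD|RA) vs. REFUSED (QR|RD, rcode 5)
OPEN_REPLY = sample_response(0x8180, answers=1)
REFUSED_REPLY = sample_response(0x8105)

if __name__ == "__main__":
    print("open reply    ->", classify(OPEN_REPLY))
    print("refused reply ->", classify(REFUSED_REPLY))
```

Call check_server() with one of your nameserver IPs from an outside machine; "open" means the server still offers recursion to that client.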

