HostOnNet Blog

Open DNS servers


When you check a domain at dnsreport, it shows this warning:

ERROR: One or more of your nameservers reports that it is an open DNS server.

This can be fixed by editing /etc/named.conf.

The default “options” block will be:

options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;
};

Add the following inside the options block:

allow-recursion {
    127.0.0.1;
    72.232.50.98;
    72.232.50.99;
    72.232.50.100;
    72.232.50.101;
};

72.232.50.98, 72.232.50.99, 72.232.50.100 and 72.232.50.101 are the IPs of the server. Replace them with your server's IPs.

You can find the IPs configured on your server with the command ifconfig.

After editing, options will look like this:

options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";

    allow-recursion {
        127.0.0.1;
        72.232.50.98;
        72.232.50.99;
        72.232.50.100;
        72.232.50.101;
    };

    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;
};
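
One way to confirm the change from outside, as an added example that is not part of the original post: this Python script sends a single recursive query and reads the RA (recursion available) flag and the RCODE from the reply header. The query name example.com, the function names and the sample reply headers are assumptions constructed for illustration; run it from a host whose IP is not in allow-recursion.

```python
import secrets
import socket
import struct
import sys

RA, QR, REFUSED = 0x0080, 0x8000, 5  # header flag bits and RCODE from RFC 1035

def build_query(name: str, qid: int) -> bytes:
    """DNS A/IN query with RD (recursion desired) set."""
    header = struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", 1, 1)

def classify(reply: bytes, qid: int) -> str:
    """Decide from the reply header whether recursion was offered to us."""
    if len(reply) < 12:
        return "malformed"
    rid, flags = struct.unpack("!2H", reply[:4])
    if rid != qid or not flags & QR:
        return "malformed"
    if flags & RA and (flags & 0x000F) != REFUSED:
        return "open"    # server says recursion is available to this client
    return "closed"      # REFUSED, or a reply with RA cleared

def check_server(server: str, name: str = "example.com", timeout: float = 3.0) -> str:
    """Send one UDP query to server:53; run from a host NOT in allow-recursion."""
    qid = secrets.randbelow(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, qid), (server, 53))
        try:
            reply, _ = sock.recvfrom(4096)
        except socket.timeout:
            return "no reply"
    return classify(reply, qid)

# Constructed 12-byte reply headers (id 0x1234) for offline checking:
SAMPLE_OPEN = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)     # QR RD RA, NOERROR
SAMPLE_REFUSED = struct.pack("!6H", 0x1234, 0x8105, 1, 0, 0, 0)  # QR RD, REFUSED

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(sys.argv[1], check_server(sys.argv[1]))
    else:
        print(classify(SAMPLE_OPEN, 0x1234), classify(SAMPLE_REFUSED, 0x1234))
```

Pass your nameserver's IP as the only argument; "closed" is the expected result once allow-recursion is in place and named has been reloaded.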
