Wednesday, March 3, 2010

recursion restrictions for named.conf

Check /etc/named.conf for recursion restrictions
I'm getting this warning from the Check Server Security option in csf:

You have a local DNS server running but do not have any recursion restrictions set in /etc/named.conf. This is a security and performance risk and you should look at restricting recursive lookups to the local IP addresses only
--
solution:
Make a backup copy of named.conf, then open it for editing:
#cp /etc/named.conf /etc/named.conf-backup

#vi /etc/named.conf

The top of your named.conf should look something like:
-------------------------------------------------------------------
include "/etc/namedb/rndc.key";

controls {
    inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};

acl "trusted" {
    127.0.0.1;
};

options {
    pid-file "/var/run/named/named.pid";
    directory "/etc/namedb";
    dump-file "/var/dump/named_dump.db";
    statistics-file "/var/stats/named.stats";
    version "BIND";
    allow-recursion { trusted; };
    allow-notify { trusted; };
    allow-transfer { trusted; };
    forwarders { 127.0.0.1; };
};
-------------------------------------------------------------------

If your named.conf does not have the acl "trusted" block and the allow-recursion, allow-notify and allow-transfer lines in the options block, add them (make a backup first!) and restart BIND. You can also add additional IP addresses to the "trusted" ACL if you have other servers in the DNS cluster.

Restart BIND.
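A small checker, added here as an example and not part of the original post or of csf, that applies the same test to a named.conf: it strips comments, finds the options block, resolves ACL names such as "trusted" to their members, and reports whether allow-recursion is missing, open to any client, or restricted. The sample configurations inside it are constructed.

```python
import re
import sys

def strip_comments(conf):
    """Remove /* */, // and # comments so brace matching is not fooled."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)

def block_body(conf, header):
    """Text between the braces of the first block whose header matches the
    regex `header` (e.g. r'\boptions' or r'\bacl\s+"trusted"'), else None."""
    m = re.search(header + r"\s*\{", conf)
    if not m:
        return None
    depth, start = 1, m.end()
    for i in range(start, len(conf)):
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        if depth == 0:
            return conf[start:i]
    return None  # unbalanced braces: named-checkconf would reject this too

def statement(body, name):
    """Members of `name { a; b; };` inside `body`, or None if absent."""
    m = re.search(name + r"\s*\{([^}]*)\}", body)
    if m is None:
        return None
    return [x.strip() for x in m.group(1).split(";") if x.strip()]

def check_recursion(conf):
    """Return ('missing' | 'open' | 'restricted', resolved member list)."""
    conf = strip_comments(conf)
    opts = block_body(conf, r"\boptions")
    members = statement(opts, r"allow-recursion") if opts else None
    if not members:
        return "missing", []          # this is the state csf warns about
    resolved = []
    for m in members:                 # expand ACL names one level deep
        acl = block_body(conf, r'\bacl\s+"?%s"?' % re.escape(m))
        resolved.extend([x.strip() for x in acl.split(";") if x.strip()] if acl else [m])
    open_words = {"any", "0.0.0.0/0", "::/0"}
    return ("open" if open_words & set(resolved) else "restricted"), resolved

# Constructed sample fragments, not taken from a real host.
SAMPLE_RESTRICTED = """acl "trusted" { 127.0.0.1; 192.0.2.10; };  // second DNS server
options { directory "/etc/namedb"; allow-recursion { trusted; }; allow-transfer { trusted; }; };"""
SAMPLE_OPEN = 'options { allow-recursion { any; }; };'
SAMPLE_MISSING = 'options { directory "/etc/namedb"; };'

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/named.conf"
    print(check_recursion(open(path).read()))
```

Run it with the path to a named.conf; a "missing" or "open" result is the condition csf flags, while "restricted" lists the addresses that may recurse.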