In the SimpleDNS software,
- list your IP addresses (internal or external) that are allowed to query the DNS.
- "Do not respond" to others
then go to the Security tab and put a check in
- Prevent DNS spoofing & cache poisoning
- Ignore UDP packets from port 0
- Detect & close Telnet connections
- Respond to BIND version requests with "No comprende?"
Hey, anyone can be a DNS Pro nowadays, even me! :)
For the DNS servers that aren't listed in a domain's DNS
entries, yes they will work, and yes the spammers & thieves will find them
within a day or two anyway.
We used to have to do DNS here manually on *Nix
and BSD. While I'm glad for the hands-on education, I found
it similar to having to send emails from a Command
prompt.
BarryZ
----- Original Message -----
Sent: Tuesday, December 05, 2006 3:58 PM
Subject: Re: [SurgeMail List] Recursive DNS was Setting up SPF Records
Barry,
We have some DNS servers that are not "listed" in our DNS records. They are recursive, for use by SurgeMail and our customers. Can those be found by hackers and used by them? And if so, how would I secure them (MS DNS) from "DNS thieves"?
For DNS, part of the problem with DNS servers out there in La-La Land is that they recurse and do redirected lookups for queries coming from off-site IP addresses. Here, we use a variety of tools, but I like JHSoft's Simple DNS Plus software the best. It can easily be configured to accept queries only from certain IPs (even internal-only IPs) and to IGNORE all other requests. You can even turn off Telnet so that DNS thieves "don't have a clue" and go elsewhere. It's called Theft of Services.
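The question in the thread is whether an unlisted recursive server can be found and abused, and the answer given is that it will be, because anyone on the Internet can send it a recursive query for a name it is not authoritative for and see whether it answers. The script below is an added illustration of that probe; it is not from either message and is not code from Simple DNS Plus or MS DNS. It builds a recursive (RD=1) query by hand, sends it over UDP, and classifies the reply: RA set plus an answer means open resolver, REFUSED or RA clear means recursion is denied to this client, and silence means the server ignores the packet (the "do not respond" behaviour described above). The function names, the two embedded sample replies, and the 192.0.2.1 address (a documentation range, not a real host) are all constructed for this example.

```python
"""Probe a DNS server to see whether it recurses for arbitrary clients.

Added example, not part of the original thread. Sample replies below are
constructed by hand, not captured from any real server.
"""
import os
import socket
import struct

RCODE_REFUSED = 5


def build_query(qname, qtype=1, txid=None):
    """Build a recursive (RD=1) DNS query for qname; qtype 1 = A, class IN."""
    if txid is None:
        txid = int.from_bytes(os.urandom(2), "big")   # random ID, as a resolver would
    flags = 0x0100                                    # RD set: ask the server to recurse
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = [l.encode("ascii") for l in qname.rstrip(".").split(".")]
    qname_wire = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return txid, header + qname_wire + struct.pack("!HH", qtype, 1)


def parse_header(msg):
    """Decode the 12-byte DNS header into the flags we care about."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, qdcount, ancount, nscount, arcount = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),    # 1 = response
        "rd": bool(flags & 0x0100),    # recursion desired (echoed from query)
        "ra": bool(flags & 0x0080),    # recursion available: the server will recurse for us
        "rcode": flags & 0x000F,
        "ancount": ancount,
    }


def classify(txid, resp):
    """Turn a raw reply (or None for a timeout) into an open-resolver verdict."""
    if resp is None:
        return "no response (server ignores us)"
    h = parse_header(resp)
    if h["id"] != txid or not h["qr"]:
        return "mismatched or bogus response"
    if h["ra"] and h["rcode"] == 0 and h["ancount"] > 0:
        return "OPEN RESOLVER"
    if h["rcode"] == RCODE_REFUSED or not h["ra"]:
        return "recursion refused"
    return "answered without data (rcode %d)" % h["rcode"]


def probe(server_ip, qname="example.com", timeout=2.0):
    """Send one recursive query over UDP/53 and classify whatever comes back."""
    txid, pkt = build_query(qname)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(pkt, (server_ip, 53))
        try:
            resp, _ = s.recvfrom(512)
        except socket.timeout:
            resp = None           # a "do not respond" server lands here
    return classify(txid, resp)


def _sample_reply(txid, flags, ancount):
    """Constructed reply: header + echoed question, plus one fake A record if ancount == 1."""
    question = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    # pointer to the name at offset 12, type A, class IN, TTL 60, rdlength 4, 192.0.2.1
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
    header = struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0)
    return header + question + (answer if ancount else b"")


SAMPLE_OPEN = _sample_reply(0x1234, 0x8180, 1)     # QR RD RA, NOERROR, one answer
SAMPLE_REFUSED = _sample_reply(0x1234, 0x8105, 0)  # QR RD, RA clear, rcode 5 REFUSED

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(target, "->", probe(target))
```

Run it against your own server from an address that is not in its allowed list; the verdict you want for a server meant for internal use only is "recursion refused" or, if you chose the ignore setting, "no response". Anything that returns "OPEN RESOLVER" is exactly what a scanner sweeping address blocks will find within a day or two.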