Discussions Disabling internet DNS recursion

Community Chat requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 2 replies
Subscribers 20 subscribers
Views 6830 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Disabling internet DNS recursion

DILLIER Sébastien over 7 years ago

Hi,

Do someone knows how to disallow the DNS recursion from internet on SG330 UTM ?

Many thanks for your help

This thread was automatically locked due to age.

Parents

0 Bianson over 7 years ago

Hello,

Please have a look at this thread, the user had a similar question. Thank you.

https://community.sophos.com/products/unified-threat-management/f/management-networking-logging-and-reporting/48744/open-resolver-check

Bob
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Bianson over 7 years ago

Hello,

Please have a look at this thread, the user had a similar question. Thank you.

https://community.sophos.com/products/unified-threat-management/f/management-networking-logging-and-reporting/48744/open-resolver-check

Bob
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 DILLIER Sébastien over 7 years ago in reply to Bianson

Hi,

Thanks for your help but... how can i disable the recursion for all external IP addresses ?

should i edit :

named.conf or named.conf-default ?

named.conf is showing the following:

options {
directory "/zones";
listen-on port 53 { any; };
listen-on-v6 port 53 { any; };
use-v4-udp-ports { range 24576 45055; };
use-v6-udp-ports { range 24576 45055; };

max-ncache-ttl 900;

check-names master ignore;
check-names slave ignore;
check-names response ignore;

pid-file "/var/run/named.pid";

datasize default;
stacksize default;
coresize default;
recursion yes;
allow-recursion { any; };

.......

-->I believe that a RNDC reload is needed after

Thanks for your help
Cancel
Vote Up 0 Vote Down

Cancel