Allowing DNS Recursion is like running an Open SMTP Relay. You allow anyone to query your DNS server and this can easily lead to abuse.
You can fix this by disabling recursive lookups for unauthorized IPs.
This article will teach you step by step how to do this.
- Log in to your server as root
- Edit /etc/named.conf
pico /etc/named.conf
Add the following before the options {} block:
acl "trusted" {
MAIN_IP;
SECONDARY_IP;
127.0.0.1;
};
Where MAIN_IP and SECONDARY_IP are the IPs of your nameservers on that server.
Next, in the same file /etc/named.conf, add the following inside the options {} block:
allow-recursion { trusted; };
allow-notify { trusted; };
allow-transfer { trusted; };
- Now save and restart named
service named restart
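To confirm the change took effect, query the server from a host that is not in the "trusted" acl and check whether the reply still carries the ra (recursion available) flag. The script below is an added example, not part of the original article; the function names and the sample dig headers are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): decide from dig output
# whether a server offers recursion to the host that sent the query.

# Read dig output on stdin and print one of:
#   open        - header flags include "ra" (recursion available)
#   closed      - a reply arrived but "ra" is absent
#   no-response - no header seen (timeout, unreachable), so nothing proven
classify() {
    awk '/^;; flags:/ {
             seen = 1
             sub(/^;; flags:/, ""); sub(/;.*/, "")
             for (i = 1; i <= NF; i++) if ($i == "ra") ra = 1
         }
         END { print (!seen ? "no-response" : (ra ? "open" : "closed")) }'
}

# Live check. Run it from a host that is NOT in the "trusted" acl.
# usage: check_server <server-ip> [name outside the server's own zones]
check_server() {
    dig @"$1" "${2:-example.com}" A +time=3 +tries=1 | classify
}

# Constructed sample headers (not captured from a real server).
SAMPLE_OPEN=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4660
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'

SAMPLE_CLOSED=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4661
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available'

# Offline demonstration on the samples above.
demo() {
    printf 'before the change: %s\n' "$(printf '%s\n' "$SAMPLE_OPEN" | classify)"
    printf 'after the change:  %s\n' "$(printf '%s\n' "$SAMPLE_CLOSED" | classify)"
}

demo
```

A "no-response" result means the query never got a reply, so it should not be read as proof that recursion is closed.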
Source:
http://www.cpanelconfig.com/cpanel-security-related-articles/closing-open-dns-servers/