How to secure a dns server?

B

by_EL2021-11-22 23:42:18

System administration

by_EL, 2021-11-22 23:42:18

Hello, there is a dns server which forward port is open to the outside, what settings and recommendations can you advise to protect the dns server using pfsense
Thanks in advance

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

V

Vladimir Korotenko, 2021-11-23
@firedragon

I would generally close it from the outside. For no reason. What goes on inside your grid should stay there.
If there is a site outside, then the hoster and keep dns.
This is of course IMHO, but such a scenario removes a lot of headaches from you and puts a clear boundary between the internal grid and the wild Internet. Ideally, only vpn should be open to the outside.

D

Drno, 2021-11-22
@Drno

Open dns is available to everyone
Or limit it to ip addresses

A

AlexVWill, 2021-11-23
@AlexVWill

Looking for what purposes the DNS was created.
If its purpose is to serve DNS requests from the outside, then it makes no sense to close it, otherwise it will not work. It is recommended to translate requests to DoH into e, i.e. DNS over Https is a more reliable query protocol.