Security and Performance issues

  • ACLs for queries and recursive lookups, to prevent spoofing and DoS attacks against the DNS server:
    acl our-nets { 192.168.5.0/24; };
    acl bogusnets { 109.18.3.0/24; };
    
    options {
        ...
        allow-query { our-nets; };
        allow-recursion { our-nets; };
        blackhole { bogusnets; };
    };
    
    An ACL can also be set for an individual zone, where it overrides the setting in options:
    zone "this.com" {
      type master;
      file "this.com";
      allow-query { any; };
    };
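
    How the statements above combine for a given client, as an added example (not part of the original page and not BIND code). It is a simplified model covering only `any`, `none`, acl names and CIDR elements; the helper names and the outcome labels 'drop', 'refused' and 'answer' are assumptions made for illustration.

```python
import ipaddress

# Constructed model of the configuration shown above (not read from a file).
ACLS = {"our-nets": ["192.168.5.0/24"], "bogusnets": ["109.18.3.0/24"]}
OPTIONS = {
    "allow-query": ["our-nets"],
    "allow-recursion": ["our-nets"],
    "blackhole": ["bogusnets"],
}
ZONES = {"this.com": {"allow-query": ["any"]}}


def matches(client, match_list):
    """True if client matches any element: 'any', 'none', an acl name or a CIDR."""
    addr = ipaddress.ip_address(client)
    for element in match_list:
        if element == "any":
            return True
        if element == "none":
            continue
        if element in ACLS:
            if matches(client, ACLS[element]):
                return True
        elif addr in ipaddress.ip_network(element):
            return True
    return False


def decide(client, zone=None, recursive=False):
    """Hypothetical helper: 'drop', 'refused' or 'answer' for one query."""
    if matches(client, OPTIONS["blackhole"]):
        return "drop"  # blackholed sources get no reply, whatever the zone allows
    if recursive:
        acl = OPTIONS["allow-recursion"]  # set once in options in this model
    else:
        # a zone's own allow-query replaces the one from options
        acl = ZONES.get(zone, {}).get("allow-query", OPTIONS["allow-query"])
    return "answer" if matches(client, acl) else "refused"


if __name__ == "__main__":
    # Constructed sample clients: internal, outside, and inside bogusnets.
    for client in ("192.168.5.10", "203.0.113.7", "109.18.3.5"):
        print(client,
              "recursion:", decide(client, recursive=True),
              "| this.com:", decide(client, zone="this.com"),
              "| other zone:", decide(client, zone="other.example"))
```

    The outside client can query this.com but cannot use the server as a resolver, and the blackholed network gets nothing even for the zone that allows `any`.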
    

  • Not CPU intensive with static zones. May be CPU intensive with dynamically updated zones.
  • Memory consuming, as it is desirable to fit the whole cache and all zones into RAM.

    Set maximum allowed cache size, for example 50 MB:
    max-cache-size 50000000; 
    

    Limit the number of simultaneous recursive clients:
    recursive-clients 500;
    
