open dns servers, dangerous?

[jnarvaez]

I have my own dns servers on my plesk 7.5, and tested them with dnsreport.com, it says:

FAIL. Open DNS servers ERROR: One or more of your nameservers reports that it is an open DNS server. This usually means that anyone in the world can query it for domains it is not authoritative for (it is possible that the DNS server advertises that it does recursive lookups when it does not, but that shouldn't happen). This can cause an excessive load on your DNS server. Also, it is strongly discouraged to have a DNS server be both authoritative for your domain and be recursive (even if it is not open), due to the potential for cache poisoning (with no recursion, there is no cache, and it is impossible to poison it). Also, the bad guys could use your DNS server as part of an attack, by forging their IP address. Problem record(s) are:
Server xxx.xxx.xxx.xxx reports that it will do recursive lookups. [test]
Server xxx.xxx.xxx.xxx reports that it will do recursive lookups. [test]


See this page for info on closing open DNS servers.


is this really dangerous as they say? They say I could fix it using a line "recursion no;" in the "options" clause (or in the "view" clause).

Is a good idea doing this?

Any help would be apreciated

 

[jwdick]

Open DNS servers opens your server for DOS attacks and some resellers like GoDaddy will cancel your account without notice if you setup your server as an Open DNS server.

 

[usbusi]

see the other thread by cchickman

see the other thread in plesk linux/unix by cchickman which details how to set your named.conf for either:

recursion no

or

allow-recursion..... (limiting the IPs that can do recursive lookups)