Expert advice: 10 ways to protect your DNS server

17 Jul 2017 admin

DNS software is a favorite target for attackers, and it can introduce security problems. Here are some of the most effective ways to protect DNS servers.

1. Use DNS forwarders


A DNS forwarder is a DNS server that performs DNS queries on behalf of other DNS servers. The primary purpose of using a DNS forwarder is to relieve the DNS processing load by transferring query requests from the DNS server to the forwarder, and potentially to benefit from the forwarder's larger DNS cache.

Another advantage of using a DNS forwarder is that it keeps the DNS server that forwards the requests from contacting Internet DNS servers itself. This is important if your DNS server hosts the DNS resource records for your internal domain. Instead of letting the internal DNS server perform recursive queries and contact Internet DNS servers directly, have it use a forwarder to handle requests for domains for which it is not authoritative.

2. Use caching-only DNS servers

A caching-only DNS server is not authoritative for any domain names. It is configured to perform recursive queries or to use forwarders. When a caching-only DNS server receives a response, it saves the result in its cache and then sends the result to the system that issued the DNS query. Over time, a caching-only DNS server can accumulate a large number of DNS responses, which greatly shortens its DNS response time.

Using a caching-only DNS server as a forwarder, under your own administrative control, can improve organizational security. The internal DNS server can use the caching-only DNS server as its forwarder, so that the caching-only DNS server, rather than your internal DNS server, performs the recursive queries. Using your own caching-only DNS server as a forwarder improves security because you do not need to rely on your ISP's DNS server as a forwarder, all the more so when you cannot confirm the security of the ISP's DNS server.

3. Use DNS advertisers


A DNS advertiser is a DNS server responsible for resolving queries for the domains it is authoritative for. For example, if you host publicly available resources for and, your public DNS server should be configured with the DNS zone files for and

Unlike other DNS servers that host DNS zone files, the DNS advertiser answers queries only for the domain names for which it is authoritative. This DNS server does not perform recursive queries against other DNS servers. This prevents users from using your public DNS server to resolve names in other domains. It increases security by reducing the risks associated with running an open DNS resolver, including cache poisoning.
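One way to verify that a public server you administer really behaves as a DNS advertiser is to send it a recursive query for a name outside its zones and inspect the reply header. The following is an added example, not code from the original article; the function names and the classification labels are assumptions made for illustration.

```python
import secrets
import socket
import struct

def build_query(name, txid, qtype=1):
    """Encode an RFC 1035 query for `name` with RD (recursion desired) set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS 1 = IN

def classify(reply, txid):
    """Judge a reply to a query for a name OUTSIDE the server's own zones."""
    if len(reply) < 12:
        return "invalid"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != txid or not flags & 0x8000:   # wrong ID, or QR (response) bit unset
        return "invalid"
    ra = bool(flags & 0x0080)               # RA: server offers recursion
    aa = bool(flags & 0x0400)               # AA: answer is authoritative
    rcode = flags & 0x000F
    if ra and rcode == 0 and ancount > 0 and not aa:
        return "open-resolver"              # it recursed for an outside name
    if ra:
        return "recursion-advertised"       # RA set, but this query got no answer
    return "authoritative-only"             # behaves like a DNS advertiser

def probe(server, outside_name, timeout=3.0):
    """Query a server you administer over UDP and classify its reply."""
    txid = secrets.randbelow(65536)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(outside_name, txid), (server, 53))
        return classify(s.recv(512), txid)

def sample_reply(txid, flags, ancount):
    """Constructed reply header for offline checks (not captured traffic)."""
    return struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0)

if __name__ == "__main__":
    # Constructed headers: recursive answer, then REFUSED with RA cleared.
    print(classify(sample_reply(7, 0x8180, 1), 7))
    print(classify(sample_reply(7, 0x8105, 0), 7))
```

Run `probe()` from a network outside your own, since a server may allow recursion for internal clients while refusing it for everyone else.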