Securing BIND DNS: disable external root hints

Disabling recursive DNS queries in BIND is not enough to stop amplification attacks using your DNS server.

If you are running BIND you also need to disable root hints.

in /etc/named.conf

Find: view “external” and under line

recursion no;


allow-recursion {“none”;};
additional-from-cache no;

save then restart named