I’ve recently seen some issues onto my DNS servers, after testing them with DNS Report.
So, the red-flagged message was:

ERROR: One or more of your nameservers reports that it is an open DNS server.
This usually means that anyone in the world can query it for domains it is not authoritative for
(it is possible that the DNS server advertises that it does recursive lookups when it does not,
but that shouldn’t happen). This can cause an excessive load on your DNS server. Also, it is
strongly discouraged to have a DNS server be both authoritative for your domain and be
recursive (even if it is not open), due to the potential for cache poisoning (with no recursion, there
is no cache, and it is impossible to poison it). Also, the bad guys could use your DNS server as
part of an attack, by forging their IP address.

Problem record(s) are:

Server dns.ip1.he.re reports that it will do recursive lookups. [test]
Server dns.ip2.he.re reports that it will do recursive lookups. [test]

The issue is not critical, but needs attention. It takes about 10 minutes to fix it.

STEP 1

login into the server via ssh and gain root privileges;

STEP 2

start editing /etc/named.conf file:

nano -w /etc/named.conf

after the first lines, stating:

controls {
inet 127.0.0.1 allow { localhost; } keys { “rndckey”; };
};

add this code sequence:

acl “trusted” {
10.22.33.44;
10.33.22.11;
10.55.44.33;
};

where the IPs are those you want to allow making recursive lookups (usually your other DNS machines IPs);

Scroll down just a little and find

options {
directory “/var/named”;
dump-file “/var/named/data/cache_dump.db”;
statistics-file “/var/named/data/named_stats.txt”;

Inside the options { statement add:

directory “/var/named”;
version “Only for my friends!”;
allow-recursion { trusted; };
allow-notify { trusted; };
allow-transfer { trusted; };

Check that the closing bracket

}

for the option statement is after the added code.

STEP 3

restart the dns server;

service named restart