DNS DoS attack CentOS

Seeing a lot of this in my logs, is this a problem?

client 209.205.74.234#5415: query (cache) ‘ripe.net/ANY/IN’ denied
client 209.205.74.234#41921: query (cache) ‘ripe.net/ANY/IN’ denied
client 209.205.74.234#64158: query (cache) ‘ripe.net/ANY/IN’ denied
client 209.205.74.234#25950: query (cache) ‘ripe.net/ANY/IN’ denied
client 209.205.74.234#7358: query (cache) ‘ripe.net/ANY/IN’ denied
client 209.205.74.234#33800: query (cache) ‘ripe.net/ANY/IN’ denied
client 209.205.74.234#50898: query (cache) ‘ripe.net/ANY/IN’ denied
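A small log-triage script, added here as an example and not part of the original question or of BIND itself: it parses the named "query ... denied" lines quoted above (copied in verbatim, plus one constructed benign line from the documentation address 198.51.100.7 for contrast), groups them by client, and flags sources that repeatedly send ANY queries, the pattern used when probing for open resolvers to abuse for reflection. Each log line is one refused query, so what the script measures is volume and type per source, not whether any answer was served. The threshold of 5 and the helper names are assumptions of this example.

```python
"""Summarise BIND 'query ... denied' log lines by source address (added example)."""
import re
from collections import Counter, defaultdict

# BIND logs a refused query as:
#   client <ip>#<port>: query (cache) '<name>/<type>/<class>' denied
# Pasted logs often carry curly quotes, so both quote styles are accepted,
# and search() is used so a syslog timestamp prefix does not matter.
DENIED_RE = re.compile(
    r"client (?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+): "
    r"query \((?P<kind>\w+)\) [‘'](?P<name>[^/'’]+)/"
    r"(?P<qtype>[A-Z0-9]+)/(?P<qclass>[A-Z]+)[’'] denied"
)

# Constructed sample: the seven lines from the question verbatim, plus one
# denied A query from a different (documentation-range) client.
SAMPLE_LOG = """\
client 209.205.74.234#5415: query (cache) ‘ripe.net/ANY/IN’ denied
client 209.205.74.234#41921: query (cache) ‘ripe.net/ANY/IN’ denied
client 209.205.74.234#64158: query (cache) ‘ripe.net/ANY/IN’ denied
client 209.205.74.234#25950: query (cache) ‘ripe.net/ANY/IN’ denied
client 209.205.74.234#7358: query (cache) ‘ripe.net/ANY/IN’ denied
client 209.205.74.234#33800: query (cache) ‘ripe.net/ANY/IN’ denied
client 209.205.74.234#50898: query (cache) ‘ripe.net/ANY/IN’ denied
client 198.51.100.7#53001: query (cache) 'example.org/A/IN' denied
"""


def parse_denied(text):
    """Return one dict per denied-query line; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = DENIED_RE.search(line)
        if m:
            ev = m.groupdict()
            ev["port"] = int(ev["port"])
            events.append(ev)
    return events


def queries_per_client(events):
    """Map client IP -> Counter of (qname, qtype) pairs that were refused."""
    table = defaultdict(Counter)
    for ev in events:
        table[ev["ip"]][(ev["name"], ev["qtype"])] += 1
    return table


def flag_any_abusers(events, threshold=5):
    """Clients with at least `threshold` refused ANY queries (assumed cut-off).

    A burst of ANY queries for a large zone from one source is the signature
    of a client looking for an open resolver to reflect through; a single
    refused lookup from a misconfigured stub resolver is not worth alerting on.
    Returns [(ip, count)] sorted by count descending, then by IP.
    """
    counts = Counter(ev["ip"] for ev in events if ev["qtype"] == "ANY")
    return sorted(((ip, n) for ip, n in counts.items() if n >= threshold),
                  key=lambda t: (-t[1], t[0]))


def source_ports(events, ip):
    """Distinct source ports seen from one client.

    A different port on every query in a burst means these are not coming
    from one long-lived resolver socket, which fits scripted probing.
    """
    return sorted({ev["port"] for ev in events if ev["ip"] == ip})


if __name__ == "__main__":
    evs = parse_denied(SAMPLE_LOG)
    for ip, qs in queries_per_client(evs).items():
        print(ip, dict(qs))
    for ip, n in flag_any_abusers(evs):
        print(f"FLAG {ip}: {n} refused ANY queries from "
              f"{len(source_ports(evs, ip))} distinct source ports")
```

Run it against a real `/var/log/messages` or the named log channel by replacing SAMPLE_LOG with the file contents; only lines matching the denied-query format are counted, everything else is ignored.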

This is a pretty common event. By default, BIND will allow recursive queries for lookups on other domains that are not master zones on the name server.

This presents some PCI compliance issues and some informational vulnerabilities (allowing third parties to query the nameserver).

If the server is meant only to act as a nameserver for specific domains, then recursive queries should be disabled as it is unnecessary for the server to resolve anything other than its own domains.

To disable recursive queries in bind, add the following to the options section of named.conf:

// Refuse zone transfers (AXFR/IXFR) to everyone.
allow-transfer { "none"; };
// Refuse recursive lookups from every client ...
allow-recursion { "none"; };
// ... and switch recursion off entirely, so named answers only for its own zones.
recursion no;

Then restart the named service.