bind9 proper recursion setup

linux ubuntu domain-name-system bind

Filter who is able to query DNS recursively and who is not with ACLs.

acl my_net { 
    192.168.1.0/24;
};

acl my_other_net {
    10.0.0.0/8;
};

options {

    [ ... ]


    recursion yes;

    allow-recursion { my_net; };
    blackhole { my_other_net; };

};

Also, set up ingress(BCP 84)/egress filtering in your gateway to avoid spoofed UDP packets to reach your network and generate unexpected traffic or poisoning. Blackhole untrusted parts of your local infrastructure.

Related

HTTPS redirect from a naked domain (example.com) to a full domain 'www.example.com' without an error?
ntpd: servers stuck on .INIT
what percentage of iowait is considered to be high?
Finding all aliases for a server
What is the current state of the art for user management with Ansible?
Are the free Win 7/8/10 VM's Microsoft provides for testing purposes restricted or any different than their counterparts? [closed]
Small writes to SMB network share are slow on Windows, fast over CIFS Linux mount
After hardware RAID array expansion fdisk wont allow me to use additional available sectors
Configuring Transparent Hugepages; [always], [madvise], or [never]
Automatic shutdown when idle? [closed]
hdparm on OS X
Any tools to automate OCR of scanned PDF files in a manner similar to Acrobat's OCR feature? [closed]