TAM Tip: Secure your DNS Servers!

Latest response
A recent DDoS attack [1] directed to SpamHaus generated close to 300 Gbps of internet traffic, and a significative amount of traffic was generated by open DNS servers [2]. US-CERT issued an alert [3], in order to reduce the surface attack, as there are approximately 25 million misconfigured exploitable DNS servers [4]. Check if your DNS server only allows recursive queries from your target networks. Also, an interesting new feature in BIND, is the Response Rate Limiting (RRL) option [5,6], which limits how much similar queries a given zone can reply to a remote host in an interval. This feature is available in the latest (bind-9.8.2-0.17.rc1.el6_4.4) RHEL6 BIND server. For more information about DNS recursion, refer to this Red Hat knowledgebase article.
 
References:

Responses

And here I thought you were going to offer up tutorials on DNS w/ TSIG!