If a file called /etc/nologin exists login will disable the begin of a session in this system. If you put some text into the file, users will be shown this text and their login attempts will be refused.

vi /etc/nologin

Server under maintenance. No access allowed at this moment.

As you probably know, a recursive DNS server (a caching DNS) tells clients the answers to queries for various DNS records. Queries not resolvable directly (non-local records) are forwarded to servers that can resolve them. Once it get answers they are stored in its cache for future use (note that this data is not cached forever).

On the other hand, a DNS server only shows to the world DNS records for a specific domain and is known to be authoritative for that domain.

Nowadays everybody with some security skills seems to agree in the importance of separating DNS caches from DNS servers. Even Bind (the most widely used DNS implementation) seems to follow this recommendation.

The easiest way to limit recursion in Bind9 is to put something like this in your config file:

options { allow-query { any; }; allow-recursion { 192.168.1.0/24; localhost; };

This will allow recursion from your internal net and from localhost. A better solution… SWITCH TO DJBDNS!!

And now some interesting links:

• Notes from DjbDNS site
• DjbDNS site
• Threats posed by DNS recursion
• If you insist in using Bind