Bind9 security improvement
If possible, add these 3 lines to the named.conf.options template:
    allow-recursion { 127.0.0.1; ::1; fe80::/10; };
    allow-query-cache { 127.0.0.1; ::1; fe80::/10; };
    rate-limit { responses-per-second 15; window 5; };
The first and second lines limit recursive queries to the server itself. Without these lines, anyone can use DNS to browse the internet if they configure the IP on the device.
The third line serves as a mitigation for the problem of DNS amplification attacks (https://kb.isc.org/docs/aa-00994).
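One way to check that a rendered named.conf.options actually carries the three settings above. This is an added example, not code from the project or its template. The two sample configs are constructed, the function names are hypothetical, and the comment stripping assumes no "//" or "#" inside quoted strings.

```python
import re

# Constructed sample configs for the check (not the project's template).
HARDENED = """options {
    directory "/var/cache/bind";
    allow-recursion { 127.0.0.1; ::1; fe80::/10; };
    allow-query-cache { 127.0.0.1; ::1; fe80::/10; };
    rate-limit { responses-per-second 15; window 5; };
};"""
OPEN = """options {
    // allow-recursion { 127.0.0.1; };
    allow-recursion { any; };
    rate-limit { window 5; };
};"""

# Addresses from the page, plus BIND's built-in "localhost" and "none" ACLs.
ALLOWED = {"127.0.0.1", "::1", "fe80::/10", "localhost", "none"}

def strip_comments(text):
    """Drop /* */, // and # comments so commented-out settings do not count."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def statement(conf, name):
    """Return the entries inside `name { ... };`, or None if it is absent."""
    m = re.search(r"(?<![\w-])" + re.escape(name) + r"\s*\{([^{}]*)\}\s*;", conf)
    if m is None:
        return None
    return [e.strip() for e in m.group(1).split(";") if e.strip()]

def audit(text):
    """List findings; an empty list means all three settings are in place."""
    conf = strip_comments(text)
    findings = []
    for acl in ("allow-recursion", "allow-query-cache"):
        entries = statement(conf, acl)
        if entries is None:
            findings.append(f"{acl}: missing")
        elif any(e not in ALLOWED for e in entries):
            extra = [e for e in entries if e not in ALLOWED]
            findings.append(f"{acl}: permits {', '.join(extra)}")
    limits = statement(conf, "rate-limit")
    if limits is None:
        findings.append("rate-limit: missing")
    elif not any(e.split()[0] == "responses-per-second" for e in limits):
        findings.append("rate-limit: no responses-per-second")
    return findings

if __name__ == "__main__":
    for label, conf in (("hardened", HARDENED), ("open", OPEN)):
        print(label, audit(conf) or "ok")
```

Run named-checkconf on the same file as well, since this check only looks for the three statements and does not validate the rest of the syntax.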