Securing on Linux

The recommended way to harden access to the leng server is to only allow connections from clients you trust, mainly because public dns servers are hit by penetration testers and hackers regularly to scout for vulnerabilities.

Installing Requirements

Let's grab ufw to allow for easy editing of iptables.

apt-get install ufw -y

Firewall Setup

Now let's whitelist our dns clients IP address or range, and block access from everywhere else by default using ufw.

ufw deny 53
ufw allow from <ip or range> to any port 53
ufw reload

Now only the client(s) you whitelisted can access the dns server.

⚠ For Docker deployments, keep in mind ufw will not stop outside connections to your containers if you bind their ports. See the Docker docs about the issue.