Hardening resolv.conf

I have a couple of DNS questions with regard to a hosting server acting in the capacity of a Hosting Service Provider.

1. Is it more common for a server to provide its own DNS lookups:

    cat > /etc/resolv.conf << "EOF"
    nameserver 127.0.0.1
    EOF

or to have a set of specified DNS servers that it queries:

    cat > /etc/resolv.conf << "EOF"
    nameserver 111.112.113.114
    nameserver 111.112.113.115
    EOF

???

2. When a server is doing its own recursive lookups, I have come across a reference that there may be security repercussions to pointing the resolver towards the localhost at 127.0.0.1:

http://www.eth0.us/?q=node/6

Next, what we are going to do is harden resolv.conf, because if improperly configured it can be used to spoof or create a DoS attack. First, go ahead and open up the config file. You should see something like "nameserver xxx.xxx.xxx.xxx" and maybe "search xxx.com". The important thing is that 127.0.0.1 is NOT listed. At the top you should have your server's internet IP address. This will function basically the same as the 127.0.0.1 that many servers were configured with, but it is less prone to attacks.
How could this type of configuration be used for an attack?
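An added check, not part of the post or the quoted page, written from the defender's side: a small POSIX sh audit of a resolv.conf-style file that flags the configuration points discussed above (loopback nameservers that depend on a resolver running on the host, no nameserver line at all, more entries than glibc reads, and a world-writable file). The file paths and contents used with it are constructed samples.

```shell
#!/bin/sh
# Added audit helper (not from the post). Reads a resolv.conf-style file,
# prints one WARN line per finding, and returns the number of findings
# (0 = nothing flagged), so it can run from cron or a config check.
audit_resolv() {
    f="$1"
    findings=0
    if [ ! -r "$f" ]; then
        echo "ERR: cannot read $f"
        return 99
    fi
    # Drop '#'/';' comments and blank lines; awk always exits 0, so this is
    # safe under 'set -e' even when the file holds only comments.
    body=$(awk '{ sub(/[#;].*/, "") } NF' "$f")
    ns=$(printf '%s\n' "$body" | awk '$1 == "nameserver" { print $2 }')
    count=$(printf '%s\n' "$ns" | awk 'NF { n++ } END { print n + 0 }')

    # No nameserver line means libc silently falls back to the loopback resolver.
    if [ "$count" -eq 0 ]; then
        echo "WARN: no nameserver entries; libc defaults to the resolver on this host"
        findings=$((findings + 1))
    fi
    for ip in $ns; do
        case "$ip" in
            127.*|::1|0.0.0.0)
                echo "WARN: loopback nameserver $ip; lookups depend on a resolver running on this host"
                findings=$((findings + 1)) ;;
        esac
    done
    # glibc honours at most three nameserver entries; extras are ignored.
    if [ "$count" -gt 3 ]; then
        echo "WARN: $count nameservers listed; only the first 3 are used"
        findings=$((findings + 1))
    fi
    # A world-writable resolv.conf lets any local user redirect every lookup.
    case "$(ls -ld "$f")" in
        ????????w*)
            echo "WARN: $f is world-writable"
            findings=$((findings + 1)) ;;
    esac
    return "$findings"
}
```

Run it as `audit_resolv /etc/resolv.conf` and act on a nonzero exit status; the loopback warning is informational when a local resolver is deliberately in use, and an error when nothing is listening there.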
