{"id":13751,"date":"2025-04-03T13:22:12","date_gmt":"2025-04-03T10:22:12","guid":{"rendered":"https:\/\/www.inetmar.com\/blog\/?p=13751"},"modified":"2025-04-04T17:26:51","modified_gmt":"2025-04-04T14:26:51","slug":"opendns-resolver-nedir-ve-nasil-devre-disi-birakilir","status":"publish","type":"post","link":"https:\/\/www.inetmar.com\/blog\/opendns-resolver-nedir-ve-nasil-devre-disi-birakilir\/","title":{"rendered":"OpenDNS Resolver Nedir ve Nas\u0131l Devre D\u0131\u015f\u0131 B\u0131rak\u0131l\u0131r?"},"content":{"rendered":"

\n

DNS Open-Resolver Nedir?<\/h2>\n

DNS Open-Resolver sunucunuzun d\u0131\u015f kaynaklardan gelen recursive sorgulara yan\u0131t vermesine olanak tan\u0131r. Yani sunucunuz internet \u00fczerindeki herhangi bir cihaz\u0131n DNS iste\u011fine cevap verebilir.<\/p>\n

DNS Open-Resolver Neden Kapat\u0131lmal\u0131d\u0131r?<\/h2>\n

E\u011fer DNS Open-Resolver aktifse, k\u00f6t\u00fc niyetli ki\u015filer sunucunuzu DDoS Reflection sald\u0131r\u0131lar\u0131nda kullanabilir. Bu t\u00fcr sald\u0131r\u0131lar sonucunda sunucunuz y\u00fcksek trafik \u00fcreterek \u015febekenizin \u00e7\u00f6kmesine veya internet h\u0131z\u0131n\u0131z\u0131n d\u00fc\u015fmesine neden olabilir.<\/p>\n

Sunucumda DNS Open-Resolver Aktif mi?<\/h2>\n

Bunu test etmek i\u00e7in dig<\/strong> komutunu kullanabilirsiniz. Linux sunucular \u00fczerinden a\u015fa\u011f\u0131daki komutu \u00e7al\u0131\u015ft\u0131rarak Open-Resolver’in a\u00e7\u0131k olup olmad\u0131\u011f\u0131n\u0131 kontrol edebilirsiniz:<\/p>\n

dig cert-bund.de @SUNUCU_IP_ADRES\u0130N\u0130Z<\/code><\/pre>\n
E\u011fer \u00e7\u0131kt\u0131da \u015fu sat\u0131rlar varsa sunucunuz sald\u0131r\u0131lara a\u00e7\u0131kt\u0131r:<\/p>\n
;; Got answer:\r\n;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 60398\r\n;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0<\/code><\/pre>\n
Ancak a\u015fa\u011f\u0131daki gibi bir \u00e7\u0131kt\u0131 al\u0131yorsan\u0131z DNS recursion kapal\u0131d\u0131r ve sunucunuz g\u00fcvenli durumdad\u0131r:<\/p>\n
;; Got answer:\r\n;; ->>HEADER<<- opcode: QUERY, status: REFUSED<\/strong>, id: 14200\r\n;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0\r\n;; WARNING: recursion requested but not available<\/code><\/pre>\n
DNS Recursion A\u00e7\u0131k Olursa Ne Olur?<\/h2>\n
E\u011fer DNS Recursion \u00f6zelli\u011fi a\u00e7\u0131ksa sunucunuz DNS Amplification Attack<\/strong> gibi sald\u0131r\u0131lara maruz kalabilir. Ayn\u0131 zamanda sisteminiz sald\u0131r\u0131lar i\u00e7in bir arac\u0131 h\u00e2line gelir ve fark\u0131nda olmadan b\u00fcy\u00fck \u00e7apl\u0131 DDoS sald\u0131r\u0131lar\u0131n\u0131n bir par\u00e7as\u0131 olabilirsiniz. Bu da sunucunuzun performans\u0131n\u0131 olumsuz etkiler ve y\u00fcksek trafik maliyetleriyle kar\u015f\u0131 kar\u015f\u0131ya kalabilirsiniz.<\/p>\n
DNS Recursion Nas\u0131l Kapat\u0131l\u0131r?<\/h2>\n
Bu i\u015flemi yaparken dikkatli olun. E\u011fer sunucu y\u00f6netimi konusunda yeterli bilginiz yoksa, teknik destek ekibinizden yard\u0131m alman\u0131z daha g\u00fcvenli olacakt\u0131r.<\/p>\n
Hangi DNS sunucu yaz\u0131l\u0131m\u0131n\u0131 kulland\u0131\u011f\u0131n\u0131z\u0131 bilmeniz gerekir. Windows sunucu<\/a> genellikle Microsoft DNS<\/strong> veya Bind<\/strong>, Linux ise genellikle Bind<\/strong> kullan\u0131r.<\/p>\n
1) Microsoft DNS \u00dczerinde DNS Recursion Kapatma<\/h3>\n
    \n
  • “DNS” yaz\u0131p aratarak Microsoft DNS Servisi<\/strong> y\u00f6netim panelini a\u00e7\u0131n.
    \n\"OpenDNS<\/li>\n
  • DNS Server ad\u0131na sa\u011f t\u0131klay\u0131p Properties<\/strong> sekmesine girin.
    \n\"OpenDNS<\/li>\n
  • Advanced<\/strong> sekmesine gelin ve Disable recursion<\/strong> kutusunu i\u015faretleyin.
    \n\"<\/li>\n
  • Forwarders<\/strong> alan\u0131n\u0131n tamamen bo\u015f oldu\u011funa emin olun.
    \n\"\"<\/li>\n
  • Root Hints<\/strong> b\u00f6l\u00fcm\u00fcn\u00fc temizleyin.
    \n\"\"<\/li>\n
  • Son olarak DNS Servisini yeniden ba\u015flat\u0131n<\/strong>.<\/li>\n<\/ul>\n
    2) Windows Plesk Bind \u00dczerinde DNS Recursion Kapatma<\/h3>\n
    Bind konfig\u00fcrasyon dosyan\u0131z\u0131 a\u00e7\u0131n ve a\u015fa\u011f\u0131daki ad\u0131mlar\u0131 takip edin:<\/p>\n
      \n
    1. named.user.conf<\/strong> dosyan\u0131z\u0131 bulun.<\/li>\n
    2. \u0130\u00e7inde allow-recursion {…}<\/strong> veya recursion yes;<\/strong> gibi sat\u0131rlar varsa bunlar\u0131 silin.<\/li>\n
    3. \u015eu sat\u0131rlar\u0131 ekleyin:<\/li>\n<\/ol>\n
      options {\r\n    allow-transfer {none;};\r\n    additional-from-cache no;\r\n    recursion no;\r\n};<\/code><\/pre>\n
        \n
      1. DNS servisini yeniden ba\u015flat\u0131n.<\/li>\n<\/ol>\n
        3) Linux Bind \u00dczerinde DNS Recursion Kapatma<\/h3>\n
        \u00d6ncelikle named.conf<\/strong> dosyan\u0131z\u0131 a\u00e7\u0131n:<\/p>\n
        nano -w \/etc\/named.conf<\/code><\/pre>\n
        recursion yes<\/strong> veya allow-recursion<\/strong> ile ilgili sat\u0131rlar\u0131 bulun ve silin veya ba\u015f\u0131na \/\/<\/strong> koyarak yorum sat\u0131r\u0131 haline getirin. Ard\u0131ndan \u015fu sat\u0131rlar\u0131 ekleyin:<\/p>\n
        allow-transfer {none;};\r\nadditional-from-cache no;\r\nrecursion no;<\/code><\/pre>\n
        Son olarak DNS servisini yeniden ba\u015flat\u0131n:<\/p>\n
        systemctl restart named<\/code><\/pre>\n
        DNS Recursion \u00d6zelli\u011finin Kapal\u0131 Oldu\u011fu Nas\u0131l Test Edilir?<\/h2>\n
        dig google.com @SUNUCU_IP_ADRES\u0130N\u0130Z<\/code><\/pre>\n
          \n
        • Status: REFUSED<\/strong> veya Status: SERVFAIL<\/strong> al\u0131rsan\u0131z, recursion kapal\u0131 demektir.<\/li>\n
        • Status: NOERROR<\/strong> al\u0131rsan\u0131z, recursion h\u00e2l\u00e2 a\u00e7\u0131k ve kapat\u0131lmas\u0131 gerekiyor demektir.<\/li>\n<\/ul>\n
          DNS g\u00fcvenli\u011fini sa\u011flamak i\u00e7in bu ad\u0131mlar\u0131 dikkatlice uygulay\u0131n ve d\u00fczenli olarak test ederek sunucunuzun g\u00fcvenli oldu\u011fundan emin olun.<\/p>\n
          NOT:<\/strong> Recursive DNS’in kapal\u0131 olmas\u0131 tek ba\u015f\u0131na yeterli de\u011fildir. E\u011fer root servers ve forwarder servers ayarlar\u0131 duruyorsa, sunucunuz h\u00e2l\u00e2 DNS Amplification sald\u0131r\u0131lar\u0131na a\u00e7\u0131k olabilir. Bu y\u00fczden sadece recursive DNS’i kapatmak yerine, root ve forwarder b\u00f6l\u00fcmlerini de kald\u0131rmal\u0131s\u0131n\u0131z.<\/p>\n","protected":false},"excerpt":{"rendered":"
          DNS Open-Resolver Nedir? DNS Open-Resolver sunucunuzun d\u0131\u015f kaynaklardan gelen recursive sorgulara yan\u0131t vermesine olanak tan\u0131r. Yani sunucunuz internet \u00fczerindeki herhangi bir cihaz\u0131n DNS iste\u011fine cevap verebilir. DNS Open-Resolver Neden Kapat\u0131lmal\u0131d\u0131r? E\u011fer DNS Open-Resolver aktifse, k\u00f6t\u00fc...<\/p>\n","protected":false},"author":2,"featured_media":13761,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[57],"tags":[],"class_list":["post-13751","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-dns"],"_links":{"self":[{"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/posts\/13751","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/comments?post=13751"}],"version-history":[{"count":17,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/posts\/13751\/revisions"}],"predecessor-version":[{"id":13786,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/posts\/13751\/revisions\/13786"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/media\/13761"}],"wp:attachment":[{"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/media?parent=13751"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/categories?post=13751"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/tags?post=13751"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}