How to secure an open dnsmasq on the Internet?
I want to setup a couple of open DNS severs, like Google Public DNS, to learn about some technologies. I decided to have them open so I can learn about high availability, performance optimization, etc.
My question is: how do I secure these dnsmasq servers? I know with default settings it is open to recursive queries and DDOS, also cache poisoning, etc. Is there any tutorial about securing such server?
I prefer dnsmasq because it's relatively easy to configure. But if it is too insecure by design, then I guess I could consider "unbound" or some other alternatives (not a big fan).