DNS Newbie - security question
Russell Foster
rf at rf0.com
Fri Aug 24 16:58:28 UTC 2001
> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org]On
> Behalf Of Eoin Miller
> Sent: 24 August 2001 17:08
> To: comp-protocols-dns-bind at moderators.isc.org
> Subject: DNS Newbie - security question
>
>
> are there any other security measures i should be taking? (other than
> keeping up with releases and patches) such as was to combat common DOS
> attacks ect?
>
I would suggest looking at running Bind9 in a chrooted environment.
You might also want to setup filtering such that UDP 53 is open for all
appropiate clients and that TCP 53 is filtered apart from between both
machines (to allow for zone transfers).
Just my 2 pence
Rus
More information about the bind-users
mailing list