iptables and bind
Chris Buxton
cbuxton at menandmice.com
Tue Aug 12 15:15:29 UTC 2008
Don't forget the Polyakov attack. Rate-limit your inbound traffic as
per Paul Vixie's recommendation (no more than 10 Mbit/s of inbound DNS
traffic), if necessary, using a firewall on your DNS server, or
possibly using an external DNS server.
Chris Buxton
Professional Services
Men & Mice
On Aug 12, 2008, at 7:08 AM, Paul A wrote:
> Thanks Kevin, didn't know if doing random with iptables was going to make it
> harder to guess instead of just using the new bind with port randomization.
>
> So at this point I'm assuming that aside from using secure zones, using the
> new bind is all that can be done?
>
> paul