rndc
Cricket Liu
cricket at menandmice.com
Wed Dec 19 00:03:25 UTC 2001
> I am setting up a couple of DNS servers. I am trying to make these
> servers as secure as I can, so I did an nmap localhost and found all
> the ports that were open.
>
> I get a 953/tcp open rndc
> 1024/tcp open kdm
> 1025/tcp open listen
>
> Now the only one that I know that is directly related to DNS is rndc.
> My question is, are either of these other two services directly
> related to BIND, and if not I won't ask any further questions to this
> group about them.
I don't think the other ports have anything to do with DNS.
> The next question is
>
> On a Red Hat 7.2 from-disk setup, is there any potential security flaw
> with having rndc listening on port 953 the way it is set up by default?
> I am trying to determine how to set up rndc keys, but not sure how to
> do it exactly yet. I did use dnssec-keygen to generate two
> files, but I am still reading on how to configure that. (If anyone
> knows of a good URL to learn this I would appreciate it.) It would be
> nice to find a cookbook exactly describing the process.
If you're running BIND 9.2.0, try the excellent rndc-confgen
program. My article on the differences between BIND 9 and
previous versions might come in handy; you can read it at
http://sysadmin.oreilly.com/news/dnsandbind_0401.html
cricket
Men & Mice
DNS Software, Training and Consulting
www.menandmice.com
Attend our next DNS and BIND class! See
http://www.menandmice.com/8000/8000_dns_training.html
for the schedule and to register for upcoming classes
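
An added example, not part of the original message or of BIND's own documentation: the shape of the configuration that rndc-confgen generates, with the control channel on port 953 bound to loopback and authenticated by a shared key. The key name, the file paths and the secret are assumptions or placeholders; the secret must be the same base64 string in both files.

```conf
# --- /etc/rndc.conf (read by the rndc client; path is an assumption) ---
key "rndc-key" {
        algorithm hmac-md5;
        # Placeholder: paste the base64 secret that rndc-confgen prints.
        secret "REPLACE_WITH_GENERATED_BASE64_SECRET";
};

options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};

# --- /etc/named.conf (read by named; path is an assumption) ---
# Same key name, algorithm and secret as in rndc.conf above.
key "rndc-key" {
        algorithm hmac-md5;
        secret "REPLACE_WITH_GENERATED_BASE64_SECRET";
};

# Listen for control commands on loopback only, accept connections
# only from loopback, and require messages signed with rndc-key.
controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};
```

Both files hold the shared secret, so they should be readable only by root and the account named runs as. After named is restarted, `rndc status` run on the server should succeed with the key and fail without it.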