BIND 8.2.3 security suggestions
James A Griffin
agriffin at cpcug.org
Mon Feb 26 14:56:04 UTC 2001
Borgia Joe A Contr AFRL/IFOS wrote:
>
> Looking for suggestions on how to improve general security on named servers,
> either in the named.conf file, or in the zone files, or both.
>
> Anything would be appreciated.
>
[SNIP]
There are three (IMO) key resources:
1. Cricket Liu's presentation on _Securing an Internet Name Server_
at http://www.acmebw.com/resources/papers/securing.pdf
2. The AUSCERT paper on Denial of Service attacks using DNS
at ftp://ftp.auscert.org.au/pub/auscert/advisory/AL-1999.004.dns_dos
3. CHROOTing BIND: various HOW-TO documents, including one
at http://www.linuxdoc.org/HOWTO/Chroot-BIND-HOWTO.html
The concepts from the first two sources have been integrated into a
Federal (US) Best Security Practice (How to Secure Domain Name Servers)
at http://bsp.cio.gov (which seems to be off-the-air at the moment).
The practice needs to be updated to reflect the new versions of BIND and
I think it should have chrooting added as well. Nonetheless, since it
is a .gov publication, you at a .mil can get brownie points by citing
it.
Regards,
Jim