Bind Security.

Brad Knowles brad.knowles at skynet.be
Wed May 9 23:17:34 UTC 2001


At 11:31 PM +0200 5/9/01, Pinklon Thomas wrote:

>      I have chosen Bind to be my DNS servers, even before other OS (Win**ze).

	Note that there are versions of BIND available for Windows NT, if 
that is important to you.

>  I have searched for all the information that I have been able to join,
>  but... What is the most secure version of BIND?

	That would have to be 9.1.2, released just a few days ago.

>      I plan to install it on FreeBSD. Any tips?

	FreeBSD is a pretty good choice.  You just want to make sure that 
when you install the machine, *all* services are turned off, before 
you start enabling one-by-one the few services you actually want on 
the machine (probably just ssh and BIND).

	You will probably also want to configure the FreeBSD firewall 
software (ipfw), so as to refuse ssh connections from anywhere but 
your internal network, allow DNS connections on the interface you 
expect, and default deny everything else.

	You can learn more about FreeBSD at <http://www.freebsd.org/>, 
and they have online manuals, mailing lists, etc.


	Another option would be OpenBSD, since that has a more 
security-minded bent.  If you're interested, see 
<http://www.openbsd.org/>.

-- 
Brad Knowles, <brad.knowles at skynet.be>

/*        efdtt.c  Author:  Charles M. Hannum <root at ihack.net>          */
/*       Represented as 1045 digit prime number by Phil Carmody         */
/*     Prime as DNS cname chain by Roy Arends and Walter Belgers        */
/*                                                                      */
/*     Usage is:  cat title-key scrambled.vob | efdtt >clear.vob        */
/*   where title-key = "153 2 8 105 225" or other similar 5-byte key    */

dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'
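
The ipfw policy described in the reply above (ssh only from the internal network, DNS on the expected interface, default deny), as an added example that is not part of the original message. The function name `gen_ipfw_rules`, the rule numbers, the interface `fxp0` and the documentation-range addresses are constructed for illustration, and the two outbound port 53 rules assume the server also sends its own queries.

```shell
#!/bin/sh
# Added example: print an ipfw rules file for a dedicated BIND host.
# Nothing here talks to the kernel; the function only writes rules to stdout.

gen_ipfw_rules() {
    ext_if=$1 int_net=$2 dns_ip=$3
    # Refuse to emit rules if an argument is missing or contains anything
    # other than the characters found in interface names and addresses.
    for v in "$ext_if" "$int_net" "$dns_ip"; do
        case $v in
            ''|*[!A-Za-z0-9./:]*) echo "bad argument: '$v'" >&2; return 1 ;;
        esac
    done
    # 100-300:   loopback traffic, and nothing claiming 127/8 from elsewhere
    # 1000:      match packets belonging to flows created by keep-state
    # 1100:      ssh only from the internal network
    # 1200-1220: DNS queries on the expected interface (UDP stateless, TCP stateful)
    # 1300-1310: assumption: the server's own outbound queries and transfers
    # 65000:     explicit final deny, so the policy does not depend on the
    #            kernel's compiled-in default rule
    cat <<EOF
add 100 allow ip from any to any via lo0
add 200 deny ip from any to 127.0.0.0/8
add 300 deny ip from 127.0.0.0/8 to any
add 1000 check-state
add 1100 allow tcp from ${int_net} to ${dns_ip} 22 in setup keep-state
add 1200 allow udp from any to ${dns_ip} 53 in via ${ext_if}
add 1210 allow udp from ${dns_ip} 53 to any out via ${ext_if}
add 1220 allow tcp from any to ${dns_ip} 53 in via ${ext_if} setup keep-state
add 1300 allow udp from ${dns_ip} to any 53 out via ${ext_if} keep-state
add 1310 allow tcp from ${dns_ip} to any 53 out via ${ext_if} setup keep-state
add 65000 deny log ip from any to any
EOF
}

# Constructed sample values: external interface, internal network, server address.
gen_ipfw_rules fxp0 192.0.2.0/24 198.51.100.53
```

On the FreeBSD host, the output can be saved to a file and loaded with ipfw's rules-file form (`ipfw <pathname>`) from the console, so that a mistake in the ssh rule cannot lock out the session applying it.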

