Re: Bind 8 hardening {Scanned}

SW wppiphoto at wppi.com
Wed Dec 29 20:54:19 UTC 2004


Hi Holger,
Here is more info on my system configuration:

Server has 2 Nics w/ the following ip addresses: 

Nic A is facing the Internet w/ ip address 100.168.100.1/24 (this is not my real ip address, but changed for security reasons to post in a public forum)

Nic B is on a private ip address and does not interact w/ the Internet w/ ip address 192.168.1.1/24

So, with that here is my complete /etc/named.conf for primary name server:

acl internal { 192.168.100/24; 209.8.232/24; };
acl slaves { 100.168.100.50; };

options {
        directory "/hsphere/local/var/named";
        listen-on { 127.0.0.1; 100.168.100.10; };
        allow-transfer { 100.168.100.50; };
        allow-query { internal; };
        allow-recursion { internal; };
        recursion no;
        fetch-glue no;
        use-id-pool yes;
        transfer-source 127.0.0.1;
        pid-file "/hsphere/local/var/named/named.pid";
};

zone "." IN { type hint; file "local/named.ca"; };
zone "localhost" IN { type master; file "local/localhost.zone"; allow-update { none; }; };
zone "0.0.127.in-addr.arpa" IN { type master; file "local/named.local"; allow-update { none; }; };
zone "100.168.100.in-addr.arpa" { type master; file "100.168.100"; allow-update { none; }; };

include "zones_index.conf";

And my secondary name server /etc/named.conf has the following:

acl internal { 192.168.1/24; 209.8.232/24; };

options {
        directory "/hsphere/local/var/named";
        listen-on { 127.0.0.1; 100.168.100.50; };
        allow-transfer { 100.168.100.10; };
        allow-query { internal; };
        allow-recursion { internal; };
        recursion no;
        fetch-glue no;
        use-id-pool yes;
        transfer-source 127.0.0.1;
        pid-file "/hsphere/local/var/named/named.pid";
};

zone "." IN { type hint; file "local/named.ca"; };
zone "localhost" IN { type master; file "local/localhost.zone"; allow-update { none; }; };
zone "0.0.127.in-addr.arpa" IN { type master; file "local/named.local"; allow-update { none; }; };
zone "100.168.100.in-addr.arpa" { type slave; file "100.168.100"; masters { 100.168.100.10; }; };

include "zones_index.conf";

Thanks,

SW
-------------------------------------------------
        WPPi.com        |        WPPi.Net
-------------------------------------------------
  http://www.wppi.com   |  http://www.wppi.net
-------------------------------------------------
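
An added example, not part of the original message: a small Python lint run over abridged copies of the two posted configurations. It reports ACLs that are defined but unused, an allow-recursion clause alongside "recursion no", and a loopback transfer-source on a server whose masters are non-loopback, then cross-checks the master/slave pair. The function names (clause, lint, pair_consistent) are hypothetical.

```python
import re
# Abridged from the two named.conf files in the post (only the clauses checked).
PRIMARY = '''
acl internal { 192.168.100/24; 209.8.232/24; };
acl slaves { 100.168.100.50; };
options {
    listen-on { 127.0.0.1; 100.168.100.10; };
    allow-transfer { 100.168.100.50; };
    allow-recursion { internal; };
    recursion no;
    transfer-source 127.0.0.1;
};
'''
SECONDARY = '''
acl internal { 192.168.1/24; 209.8.232/24; };
options {
    listen-on { 127.0.0.1; 100.168.100.50; };
    allow-transfer { 100.168.100.10; };
    allow-recursion { internal; };
    recursion no;
    transfer-source 127.0.0.1;
};
zone "100.168.100.in-addr.arpa" { type slave; file "100.168.100"; masters { 100.168.100.10; }; };
'''

def clause(conf, name):
    """Entries of every `name { a; b; }` clause in conf, as a set."""
    bodies = re.findall(r'(?<![\w-])' + re.escape(name) + r'\s*\{([^{}]*)\}', conf)
    return {e.strip() for b in bodies for e in b.split(';') if e.strip()}

def lint(conf):
    out = []
    for acl in re.findall(r'^\s*acl\s+(\S+)\s*\{', conf, re.M):
        if not re.search(r'[{;]\s*' + re.escape(acl) + r'\s*;', conf):
            out.append(f'acl "{acl}" is defined but never referenced')
    if re.search(r'(?<![\w-])recursion\s+no\s*;', conf) and clause(conf, 'allow-recursion'):
        out.append('allow-recursion is moot while "recursion no" is set')
    src = re.search(r'transfer-source\s+([\d.]+)\s*;', conf)
    remote = sorted(m for m in clause(conf, 'masters') if not m.startswith('127.'))
    if src and src.group(1).startswith('127.') and remote:
        out.append(f'transfer-source {src.group(1)} is loopback but masters are {remote}')
    return out

def pair_consistent(primary, secondary):
    # Slave's masters must be primary listen-on addresses, and vice versa for allow-transfer.
    return (clause(secondary, 'masters') <= clause(primary, 'listen-on')
            and bool(clause(primary, 'allow-transfer') & clause(secondary, 'listen-on')))

if __name__ == '__main__':
    print(lint(PRIMARY), lint(SECONDARY), pair_consistent(PRIMARY, SECONDARY))
```

The pair check passes for the posted addresses; the loopback transfer-source finding applies only to the secondary, since the visible part of the primary's configuration has no slave zones.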





More information about the bind-users mailing list