Re: Securing bind..
On Sunday 30 December 2001 18:46, P Prince wrote:
> The easiest and most failsafe way to secure bind is to install djbdns.
If you have nothing to say - do not speak.
Configuration options for BIND are listed on
A list of URLs that might be useful is here:
Cricket Liu's presentation on how to secure BIND:
"acl" defines hosts or networks that you can either allow or deny access
"version" defines version number that bind answers if asked for it.
(like: 'this space for rent. contact hostmaster' ;])
"blackhole" defines hosts or networks that bind will not answer at all.
(ie.: 10.x.x.x, 192.168.x.x, 224.x....)
"allow-recursion/allow-query" defines hosts or networks that can use your
server to get non-auth answers or do recursive queries.
"listen-on" defines interfaces and ports bind will listen on. If you don't
have any domains to serve to the "outside" world, you just list the intranet
(NAT) interface in here.
"forward only" means that you will forward all requests (and work ;]) to the
dns servers listed in "forwarders".
BOFH excuse #57:
Groundskeepers stole the root password
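
The options described in the message above, combined into one named.conf fragment for an internal-only caching forwarder. This is an added example, not part of the original post. The ACL names, the 172.16.1.0/24 intranet, the listener address and the 192.0.2.x forwarders are constructed placeholders.

```conf
// Constructed example: every address below is a placeholder.

// "acl": named address lists reused by the options below.
acl "intranet" {
    127.0.0.1;
    172.16.1.0/24;        // assumed internal (NAT) network
};

// Sources that should never appear as clients of this server.
// Do not list the range your own clients live in.
acl "bogus" {
    10.0.0.0/8;
    192.168.0.0/16;
    224.0.0.0/3;
};

options {
    // "version": string returned when the version is queried.
    version "this space for rent. contact hostmaster";

    // "listen-on": bind only to loopback and the intranet interface,
    // since no zones are served to the outside world.
    listen-on { 127.0.0.1; 172.16.1.1; };

    // "blackhole": never answer these sources at all.
    blackhole { bogus; };

    // "allow-query" / "allow-recursion": only intranet hosts may
    // query this server or have it recurse on their behalf.
    allow-query { intranet; };
    allow-recursion { intranet; };

    // "forward only": hand every request to the forwarders and
    // never resolve from the roots directly.
    forward only;
    forwarders { 192.0.2.1; 192.0.2.2; };
};
```

On BIND 9, `named-checkconf` will report syntax errors in the file before named is reloaded.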