[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Securing bind..

On Sun, 30 Dec 2001 22:02, jernej horvat wrote:
> On Sunday 30 December 2001 18:46, P Prince wrote:
> > The eaisest and most failsafe way to secure bind is to install djbdns.
> If you have nothing to say - do not speak.

Perhaps a discussion of the relative merits of djbdns and bind is in order.

I wanted to move to djbdns at one time, but it was too painful.  Everything 
had to be redone (the config files were all incompatible), the documentation 
was inadequate, and there was no good amount of support on the net.

Has djbdns improved since then?

> Securing DNS:
> http://www.psionic.com/papers/dns/

2.4.x kernels support the --bind option to mount which avoids the syslogd 
hackery described in this URL.  Also the authbind method supported by Debian 
is much more powerful and useful than using the chuid() functionality in 
bind.  Both these things aren't mentioned.

> Cricket Liu's presentation on how to secure BIND:
> http://www.acmebw.com/papers/securing.pdf

I disagree with the supposed security benefits of disabling zone transfers, 
it's just security by obscurity.  Also when idiots read such advice and take 
it to heart it gets in the way when you have a genuine need for zone 

http://www.coker.com.au/bonnie++/     Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/       Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/     My home page

Reply to: