Re: Securing bind..
On Sun, 30 Dec 2001 22:02, jernej horvat wrote:
> On Sunday 30 December 2001 18:46, P Prince wrote:
> > The easiest and most failsafe way to secure bind is to install djbdns.
> If you have nothing to say - do not speak.
Perhaps a discussion of the relative merits of djbdns and bind is in order.
I wanted to move to djbdns at one time, but it was too painful. Everything
had to be redone (the config files were all incompatible), the documentation
was inadequate, and there was no good amount of support on the net.
Has djbdns improved since then?
> Securing DNS:
2.4.x kernels support the --bind option to mount which avoids the syslogd
hackery described in this URL. Also the authbind method supported by Debian
is much more powerful and useful than using the chuid() functionality in
bind. Both these things aren't mentioned.
> Cricket Liu's presentation on how to secure BIND:
I disagree with the supposed security benefits of disabling zone transfers;
it's just security by obscurity. Also, when idiots read such advice and take
it to heart it gets in the way when you have a genuine need for zone
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/ My home page