Re: Securing bind..
On Sunday 30 December 2001 22:58, Russell Coker wrote:
> 2.4.x kernels support the --bind option to mount which avoids the syslogd
Yep. Linux v2.4.x and BIND v9.x are easier to set up. Debian has an almost
out-of-the-box chroot solution.
> I disagree with the supposed security benefits of disabling zone transfers,
Why? Do you need the whole zone when you just need to resolve one host or IP?
Do you give away all your personal data when someone asks you for your name?
And this is what djb has to say for zone transfers :-)
"Zone transfers are an archaic alternative mechanism for copying DNS
> "iptables/ipchains blocks access to port 53 from untrusted IPs "
Which you can also do with the "bogus" option in BIND.
Or with ACLs and allow-query.