Re: Securing bind..

On Sunday 30 December 2001 22:58, Russell Coker wrote:

> 2.4.x kernels support the --bind option to mount which avoids the syslogd
Yep. Linux v2.4.x and BIND v9.x are easier to set up. Debian has an almost
out-of-the-box chroot solution.

> I disagree with the supposed security benefits of disabling zone transfers,
Why? Do you need the whole zone when you just need to resolve one host or IP?

Do you give away all your personal data when someone asks you for your name?

And this is what djb has to say about zone transfers :-)

"Zone transfers are an archaic alternative mechanism for copying DNS 

> "iptables/ipchains blocks access to port 53 from untrusted IPs "

Which you can also do with the "bogus" option in BIND.
Or with ACLs and allow-query.
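
A named.conf fragment using the options named in this message (ACLs, allow-query, "bogus") together with a zone-transfer restriction, as an added example that is not part of the original post. The ACL names, addresses (documentation ranges) and zone name are constructed for illustration.

```conf
// Constructed example: all addresses are RFC 5737 documentation ranges.
acl "trusted" {
    127.0.0.1;
    192.0.2.0/24;          // assumed internal network
};

acl "secondaries" {
    198.51.100.53;         // assumed secondary name server
};

options {
    // Answer queries only from clients matched by the ACL.
    allow-query     { "trusted"; };
    // Offer recursion to the same clients only.
    allow-recursion { "trusted"; };
    // Refuse zone transfers (AXFR) unless a zone overrides this.
    allow-transfer  { none; };
};

// named does not send queries to a server marked bogus.
server 203.0.113.66 {
    bogus yes;
};

// Internal zone: queries are limited by the global allow-query above.
zone "example.com" {
    type master;
    file "db.example.com";
    // Only the listed secondary may pull the whole zone.
    allow-transfer { "secondaries"; };
};
```

Running `named-checkconf` against the file catches syntax errors before named is reloaded.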
