Re: Securing bind..
thank you all very much.
you're right.if one doesn't have anything useful to say i'll recommand him
to let others help..
thx guys.
At 10:02 PM 12/30/01 +0100, jernej horvat wrote:
On Sunday 30 December 2001 18:46, P Prince wrote:
> The eaisest and most failsafe way to secure bind is to install djbdns.
If you have nothing to say - do not speak.
--
Configuration options for BIND are listed on
http://www.isc.org/products/BIND/docs/config/
List of URL that might be usefull is here:
http://www.isc.org/products/BIND/contributions.html
Cricket Liu's presentation on how to secure BIND:
http://www.acmebw.com/papers/securing.pdf
Securing DNS:
http://www.psionic.com/papers/dns/
-
"acl" defines hosts or networks that you can either allow or deny access
"version" defines version number that bind answers if asked for it.
(like: 'this space for rent. contact hostmaster' ;])
"blackhole" defines hosts or networks that bind will not answer at all.
(ie.: 10.x.x.x, 192.168.x.x, 224.x....)
"allow-recursion/allow-query" defines hosts or networks that can use your
server to get non-auth answers or do recursive queries.
"listen-on" defines interfaces and ports bind will listen on. If you don't
have any domains to server to the "outside" world, you just list the intranet
(NAT) interface in here.
"forward only" means that you will forward all request (and work ;]) to the
dns servers listed in "forwarders".
--
BOFH excuse #57:
Groundskeepers stole the root password
Petre L. Daniel,System Administrator
Canad Systems Pitesti Romania,
http://www.cyber.ro, email:office@cyber.ro
Tel:+4048220044, +4048206200
Reply to: