[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver

Quoting Wolfgang Jeltsch (7o2lccqg@acme.softbase.org):
> Am Mittwoch, 9. Juli 2008 20:51 schrieb Noah Meyerhans:
> 
> > > I suggest that you install bind9,
> 
> How do I tell bind9 what DNS servers to ask?  Is this also done by 
> resolv.conf?  If yes, named would ask itself if 127.0.0.1 is the first entry.
> 
> > > configure it to only listen on 127.0.0.1,
> 
> How do I do this? dpkg-reconfigure doesn???t help.

Although this will require a substantial investment of your time, I 
recommend studying
http://www.cymru.com/Documents/secure-bind-template.html , to better
understand how to properly configure and lock down BIND9.
Reply to: