
Re: Securing bind..



On Sunday 30 December 2001 18:46, P Prince wrote:
> The easiest and most failsafe way to secure bind is to install djbdns.

If you have nothing to say - do not speak.
--
Configuration options for BIND are listed on  
http://www.isc.org/products/BIND/docs/config/

A list of URLs that might be useful is here:
http://www.isc.org/products/BIND/contributions.html

Cricket Liu's presentation on how to secure BIND:
http://www.acmebw.com/papers/securing.pdf

Securing DNS:
http://www.psionic.com/papers/dns/
-
"acl" defines hosts or networks that you can either allow or deny access.

"version" defines version number that bind answers if asked for it. 
(like: 'this space for rent. contact hostmaster' ;])

"blackhole" defines hosts or networks that bind will not answer at all. 
(ie.: 10.x.x.x, 192.168.x.x, 224.x....)

"allow-recursion/allow-query" defines hosts or networks that can use your 
server to get non-auth answers or do recursive queries.

"listen-on" defines interfaces and ports bind will listen on. If you don't 
have any domains to serve to the "outside" world, you just list the intranet 
(NAT) interface in here.

"forward only" means that you will forward all requests (and work ;]) to the 
dns servers listed in "forwarders".
-- 
BOFH excuse #57:

Groundskeepers stole the root password
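
Added example, not part of the original post: a small Python audit that reads a named.conf and reports which of the options listed in the message above are still left at BIND defaults. The two embedded configurations, the ACL names and every address in them are constructed for illustration, and the parsing is a simplification that only inspects the global options block.

```python
import re

# Constructed sample named.conf for an intranet-only resolver; the ACL names
# and all addresses are illustrative assumptions, not taken from the post.
HARDENED = '''
acl "internal" { 127.0.0.1; 192.168.1.0/24; };
acl "bogus"    { 10.0.0.0/8; 224.0.0.0/3; };
options {
    version "this space for rent. contact hostmaster";
    listen-on { 127.0.0.1; 192.168.1.1; };   // intranet (NAT) side only
    blackhole { "bogus"; };                  # never answer these sources
    allow-query     { "internal"; };
    allow-recursion { "internal"; };
    forward only;
    forwarders { 192.0.2.53; };
};
'''
# Constructed weak config: nothing from the post is set, so defaults apply.
WEAK = 'options { directory "/var/named"; };'

CHECKS = ("version", "listen-on", "blackhole", "allow-query", "allow-recursion")

def options_block(conf):
    """Return the body of options { ... } with strings and comments blanked."""
    conf = re.sub(r'"[^"]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', ' ', conf, flags=re.S)
    m = re.search(r'\boptions\s*\{', conf)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(conf) and depth:          # walk to the matching close brace
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        i += 1
    return conf[m.end():i - 1]

def audit(conf):
    """List the options from the post that this config does not set."""
    body = options_block(conf)
    missing = [o for o in CHECKS
               if not re.search(r'(?<![\w-])%s[\s{]' % re.escape(o), body)]
    if re.search(r'\bforward\s+only\s*;', body) and not re.search(r'\bforwarders\s*\{', body):
        missing.append("forwarders")   # "forward" has no effect without a forwarders list
    return missing

if __name__ == "__main__":
    print("hardened:", audit(HARDENED))
    print("weak:    ", audit(WEAK))
```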
