
Re: Securing bind..



On Sunday 30 December 2001 22:58, Russell Coker wrote:

> 2.4.x kernels support the --bind option to mount which avoids the syslogd
Yep. Linux v2.4.x and BIND v9.x are easier to set up. Debian has an almost 
out-of-the-box chroot solution.

> I disagree with the supposed security benefits of disabling zone transfers,
Why? Do you need the whole zone when you just need to resolve one host or IP?

Do you give away all your personal data when someone asks you for your name?

And this is what djb has to say about zone transfers :-)

"Zone transfers are an archaic alternative mechanism for copying DNS 
information."

http://cr.yp.to/djbdns/faq/axfrdns.html#what
-
> "iptables/ipchains blocks access to port 53 from untrusted IPs "

Which you can also do with the "bogus" option in BIND.
Or with ACLs and allow-query.
-- 
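
A named.conf sketch of the ACL, allow-query and "bogus" settings mentioned in the message above, together with a restriction on the zone transfers under discussion. This is an added example, not part of the original post; the addresses (RFC 5737 documentation ranges), the ACL name, the zone name and the zone file name are constructed.

```conf
// Constructed example: every address, name and file below is a placeholder.
acl "trusted" {
    localhost;
    192.0.2.0/24;            // internal clients (assumed range)
};

options {
    // Default for all zones and for recursion: trusted clients only
    allow-query     { trusted; };
    allow-recursion { trusted; };
    // No zone transfers unless a zone statement says otherwise
    allow-transfer  { none; };
};

// "bogus yes" stops named from sending queries to this remote server
server 203.0.113.53 {
    bogus yes;
};

zone "example.com" {
    type master;
    file "db.example.com";   // assumed zone file name
    // Authoritative data can be resolved by anyone, one name at a time
    allow-query    { any; };
    // AXFR is answered only for the secondary (assumed address)
    allow-transfer { 198.51.100.2; };
};
```

Running `named-checkconf` on the file validates the syntax before named is reloaded.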


