
Re: Securing bind..



On Mon, 31 Dec 2001 01:20, jernej horvat wrote:
> On Sunday 30 December 2001 22:58, Russell Coker wrote:
> > 2.4.x kernels support the --bind option to mount which avoids the syslogd
>
> yep. linux v2.4.x and bind v9.x are easier to set up. debian has almost
> out-of-the box chroot solution.

Are the root servers using bind9 yet?

> > I disagree with the supposed security benefits of disabling zone
> > transfers,
>
> Why? Do you need the whole zone when you just need to resolve one host or
> IP ?

Sometimes getting a copy of the zone helps to discover problems.

> Do you give away all your personal data when someone asks you for your name
> ?

I give away data that's publicly available anyway.  If data isn't public 
then it shouldn't be in a public place such as a DNS zone file.  Knowing 
which IP addresses are in use is no secret, you can always check on IP 
address block assignments and scan them all.

> And this is what djb has to say for zone transfers :-)
>
> "Zone transfers are an archaic alternative mechanism for copying DNS
> information."

When djb starts releasing his software under better license agreements that 
make it realistically possible to use it, and when he makes his software 
interoperate better with the rest of the world then people will take more 
notice of him.

-- 
http://www.coker.com.au/bonnie++/     Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/       Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/     My home page


