Re: Securing bind..

[Dave Kline <dave@iitedge.com>]

BIND should be treated with the utmost caution, as CERT has listed it as 
the #1 way to break into a computer and Im sure some of us have had 
k1dd13z on our systems because of it.  I know I have seen this 
discussion before in old USENET posts, but I do think it would be a good 
idea to maybe include a debconf option that lets the user choose whether 
or not BIND would run as root.  That way, upgrades of BIND could respect 
the setup and users could have safer defaults on their system.

Even if that doesn't happen, I think that should be in the Security HOWTO.
-A. Dave  



Javier Fernández-Sanguino Peña wrote:

> On Thu, Jan 03, 2002 at 03:34:32PM +0100, martin f krafft wrote:
> (...)
>
> > but more importantly, if the question was how to secure bind, then let's
> > not secure it by substituting... bind is still the #1 nameserver, and a
> > thread like this (even though argued a million times) can be quite
> > informative.
>
> 	The way to avoid this kind of threads over and over again is to *document*
> them. I find that there are quite a number of people willing to answer emails in the
> list but not willing to take some time and *write* about it.
>
> 	If anyone feels like writting a few paragraphs on how to secure BIND, improving
> the existing documentation (of course, the Debian Security HOWTO), feel free to send me
> any material worth adding.
>
> 	Regards
>
> 	Javi