[ The quoted email is dated last December... I hope nobody minds me ]
[ reviving the conversation. I'm catching up on a few mail groups. ]
Russell == Russell Coker [EMAIL PROTECTED] writes:
Russell On Sun, 30 Dec 2001 16:17, Jor-el wrote:
On Sun, 30 Dec 2001, Russell Coker wrote:
[ The quoted email is dated last December... I hope nobody minds me ]
[ reviving the conversation. I'm catching up on a few mail groups. ]
Russell == Russell Coker [EMAIL PROTECTED] writes:
Russell On Sun, 30 Dec 2001 16:17, Jor-el wrote:
On Sun, 30 Dec 2001, Russell Coker wrote:
to writing _the_
authorative work on securing bind.
I usually try to contribute the knowledge I get from maillinglists to
faq's and comments if it's easy to do so, f.x to contribute comments to
php.
Would it be possible to add this?
Tarjei
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED
setting up docbook .
F.x. in such a situation it's quite for the person who asked the
question to update the docs without commiting to writing _the_
authorative work on securing bind.
This document should be *the* authorative work on howto secure
bind on Debian. Doing cut-n-paste
asked the
question to update the docs without commiting to writing _the_
authorative work on securing bind.
This document should be *the* authorative work on howto secure
bind on Debian. Doing cut-n-paste of mails is not useful IMHO
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED
BIND should be treated with the utmost caution, as CERT has listed it as
the #1 way to break into a computer and Im sure some of us have had
k1dd13z on our systems because of it. I know I have seen this
discussion before in old USENET posts, but I do think it would be a good
idea to maybe
On Mon, Jan 28, 2002 at 05:10:07AM -0800, Alvin Oga wrote:
hi ya
several ways to harden dns... depending on level fo paranoia??
http://www.Linux-Sec.net/Harden/server.gwif.html#DNS
Notes are fine, and I'm already aware of linux-sec.net. I'm
looking, however, into something more
On Thu, Jan 03, 2002 at 03:34:32PM +0100, martin f krafft wrote:
(...)
but more importantly, if the question was how to secure bind, then let's
not secure it by substituting... bind is still the #1 nameserver, and a
thread like this (even though argued a million times) can be quite
setting up docbook .
F.x. in such a situation it's quite for the person who asked the
question to update the docs without commiting to writing _the_
authorative work on securing bind.
This document should be *the* authorative work on howto secure
bind on Debian. Doing cut-n-paste
On Mon, Jan 28, 2002 at 05:10:07AM -0800, Alvin Oga wrote:
hi ya
several ways to harden dns... depending on level fo paranoia??
http://www.Linux-Sec.net/Harden/server.gwif.html#DNS
Notes are fine, and I'm already aware of linux-sec.net. I'm
looking, however, into something more
also sprach P Prince [EMAIL PROTECTED] [2001.12.30.1846 +0100]:
The eaisest and most failsafe way to secure bind is to install djbdns.
you are kidding me, right? the question was how to secure bind. the
asker wasn't in need of other religious beliefs.
while i strongly believe that djb is a real
Russell Coker wrote:
DNS cache machine sents out requests from source port 54 (not obscure - every
administrator of every DNS server on the net can easily discover this).
Recursive requests go to port 53 (getting a DNS client to even talk to
another port is difficult or impossible depending
On Monday, 31. December 2001 14:20, Thomas Seyrat wrote:
By forcing the source port for recursive requests to a given fixed
one, do you not make yourself more vulnerable to the spoofing attacks
you were talking about, because the attacker does not have to predict
the source port of
Russell,
On Sun, 30 Dec 2001, Russell Coker wrote:
Also don't allow recursion from outside machines.
Why does this help?
Another possibility is to have the port for outgoing connections be something
other than 53 (54 seems unused) and use iptables or ipchains to block data
from the
The eaisest and most failsafe way to secure bind is to install djbdns.
Google is your friend.
-Tech
On Sun, 30 Dec 2001, Petre Daniel wrote:
Well,i know Karsten's on my back and all,but i have not much time to
learn,and too many things to do at my firm,so i am asking if one of you has
any
Previously P Prince wrote:
The eaisest and most failsafe way to secure bind is to install djbdns.
And the simple answer to that is:
1. bind is not DFSG-free and not packaged for Debian which makes it
off-topic here.
2. replacing bind is not the same thing as securing it, which was
the
[EMAIL PROTECTED] (Wichert Akkerman) writes:
Previously P Prince wrote:
The eaisest and most failsafe way to secure bind is to install djbdns.
And the simple answer to that is:
1. bind is not DFSG-free and not packaged for Debian which makes it
off-topic here.
s/bind/djbdns/
On Sun, Dec 30, 2001 at 06:49:34PM +0100, Wichert Akkerman wrote:
Previously P Prince wrote:
The eaisest and most failsafe way to secure bind is to install djbdns.
And the simple answer to that is:
1. bind is not DFSG-free and not packaged for Debian which makes it
off-topic here.
May
On Sunday 30 December 2001 18:46, P Prince wrote:
The eaisest and most failsafe way to secure bind is to install djbdns.
If you have nothing to say - do not speak.
--
Configuration options for BIND are listed on
http://www.isc.org/products/BIND/docs/config/
List of URL that might be usefull
thank you all very much.
you're right.if one doesn't have anything useful to say i'll recommand him
to let others help..
thx guys.
At 10:02 PM 12/30/01 +0100, jernej horvat wrote:
On Sunday 30 December 2001 18:46, P Prince wrote:
The eaisest and most failsafe way to secure bind is to install
Russell,
On Sun, 30 Dec 2001, Russell Coker wrote:
Lots of good stuff snipped
Please read my messages carefully before flaming me.
Ack! My apologies. Poor reading and poor wording.
DNS cache machine sents out requests from source port 54 (not obscure - every
administrator of
Well,i know Karsten's on my back and all,but i have not much time to
learn,and too many things to do at my firm,so i am asking if one of you has
any idea how can bind be protected against that DoS attack and if someone
has some good firewall for a dns server ( that resolves names for internal
On Sun, 30 Dec 2001 11:18, Petre Daniel wrote:
Well,i know Karsten's on my back and all,but i have not much time to
learn,and too many things to do at my firm,so i am asking if one of you has
any idea how can bind be protected against that DoS attack and if someone
has some good firewall for a
Russell,
On Sun, 30 Dec 2001, Russell Coker wrote:
Also don't allow recursion from outside machines.
Why does this help?
Another possibility is to have the port for outgoing connections be something
other than 53 (54 seems unused) and use iptables or ipchains to block data
from the
The eaisest and most failsafe way to secure bind is to install djbdns.
Google is your friend.
-Tech
On Sun, 30 Dec 2001, Petre Daniel wrote:
Well,i know Karsten's on my back and all,but i have not much time to
learn,and too many things to do at my firm,so i am asking if one of you has
any
Previously P Prince wrote:
The eaisest and most failsafe way to secure bind is to install djbdns.
And the simple answer to that is:
1. bind is not DFSG-free and not packaged for Debian which makes it
off-topic here.
2. replacing bind is not the same thing as securing it, which was
the
[EMAIL PROTECTED] (Wichert Akkerman) writes:
Previously P Prince wrote:
The eaisest and most failsafe way to secure bind is to install djbdns.
And the simple answer to that is:
1. bind is not DFSG-free and not packaged for Debian which makes it
off-topic here.
s/bind/djbdns/
Wichert Akkerman wrote:
And the simple answer to that is:
1. bind is not DFSG-free and not packaged for Debian which makes it
off-topic here.
You mean djbdns, of course.
2. replacing bind is not the same thing as securing it, which was
the question.
There is a small presentation
Jor-el wrote:
Another possibility is to have the port for outgoing connections be
something
other than 53 (54 seems unused) and use iptables or ipchains to block data
from the outside world coming to port 53.
[...]
Of course, in the case of DNS servers, you could be OK, since you
On Sun, Dec 30, 2001 at 12:46:55PM -0500, P Prince wrote:
The eaisest and most failsafe way to secure bind is to install djbdns.
Troll.
Google is your friend.
-Tech
On Sun, 30 Dec 2001, Petre Daniel wrote:
Well,i know Karsten's on my back and all,but i have not much time to
On Sun, Dec 30, 2001 at 06:49:34PM +0100, Wichert Akkerman wrote:
Previously P Prince wrote:
The eaisest and most failsafe way to secure bind is to install djbdns.
And the simple answer to that is:
1. bind is not DFSG-free and not packaged for Debian which makes it
off-topic here.
May
On Sunday 30 December 2001 18:46, P Prince wrote:
The eaisest and most failsafe way to secure bind is to install djbdns.
If you have nothing to say - do not speak.
--
Configuration options for BIND are listed on
http://www.isc.org/products/BIND/docs/config/
List of URL that might be usefull
thank you all very much.
you're right.if one doesn't have anything useful to say i'll recommand him
to let others help..
thx guys.
At 10:02 PM 12/30/01 +0100, jernej horvat wrote:
On Sunday 30 December 2001 18:46, P Prince wrote:
The eaisest and most failsafe way to secure bind is to install
On Sun, 30 Dec 2001, P Prince wrote:
The eaisest and most failsafe way to secure bind is to install djbdns.
Because after djbdns, bind 4.2 looks like a pinnacle of security...
Google is your friend.
Apparently it didn't get you a clue...
-Tech
On Sun, 30 Dec 2001, Petre Daniel wrote:
Russell,
On Sun, 30 Dec 2001, Russell Coker wrote:
Lots of good stuff snipped
Please read my messages carefully before flaming me.
Ack! My apologies. Poor reading and poor wording.
DNS cache machine sents out requests from source port 54 (not obscure - every
administrator of every
On Sun, 30 Dec 2001, John Galt wrote:
On Sun, 30 Dec 2001, P Prince wrote:
The eaisest and most failsafe way to secure bind is to install djbdns.
Because after djbdns, bind 4.2 looks like a pinnacle of security...
John,
Enlighten me please. I've heard a few things about the
36 matches
Mail list logo