Daniel,
#Can anyone give me some hints what security measures I
#can take to protect my (Linux-) DNS server (maybe lines
#to add to /etc/named.conf or some online available material)?
If you haven't done it already you will want to harden the Linux box. You
could use bastille, CBAC, or anything else that was discusses in
yesterday's(?) thread about securing Linux hosts. On the DNS server you
will want to use xfernets (BIND 4) or allow-transfer (BIND 8) to limit who
can do a zone transfer. You also may want to look at using split-DNS.
This would entail running two primary DNS servers for your domain. One for
internal users and one for the Internet. You only have to advertize the
specific hosts you want the Internet to be able to reach by name. I
recommend getting the DNS and BIND 3rd Edition by O'Reilly. Chapter ten is
on security. You can also find some stuff about security at
http://www.isc.org/products/BIND/. Hurry up before they start making you
pay for it=)
Regards,
Jeffery Gieser
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
