[EMAIL PROTECTED] wrote:
>
Hi,
I heard some very bad news about bind (in general for bugs [security]
and specifically now with their pay-policy ;-) )
An alternative to bind could be djbdns... from Dan Bernstein (creator
of qmail).
Does anyone have experience with this DNS server?
Security?
Thanks,
Herman
> Daniel,
>
> #Can anyone give me some hints what security measures I
> #can take to protect my (Linux-) DNS server (maybe lines
> #to add to /etc/named.conf or some online available material)?
>
> If you haven't done it already you will want to harden the Linux box. You
> could use bastille, CBAC, or anything else that was discussed in
> yesterday's(?) thread about securing Linux hosts. On the DNS server you
> will want to use xfernets (BIND 4) or allow-transfer (BIND 8) to limit who
> can do a zone transfer. You also may want to look at using split-DNS.
> This would entail running two primary DNS servers for your domain. One for
> internal users and one for the Internet. You only have to advertise the
> specific hosts you want the Internet to be able to reach by name. I
> recommend getting the DNS and BIND 3rd Edition by O'Reilly. Chapter ten is
> on security. You can also find some stuff about security at
> http://www.isc.org/products/BIND/. Hurry up before they start making you
> pay for it=)
>
> Regards,
> Jeffery Gieser
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
--
+----------------------------------------+
! Herman Van Keer !
! Tel: +1 403 863-6075 !
! E-mail: [EMAIL PROTECTED] !
+----------------------------------------+
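An added example, not part of the original thread and not code from BIND: a Python script that audits a BIND 8 style named.conf for the allow-transfer advice quoted above, flagging master or slave zones that any host could transfer. The sample configuration, zone names and addresses are constructed, and the parser assumes flat address-match lists (no nested braces).

```python
import re

# Constructed sample named.conf (BIND 8 syntax); names and addresses are made up.
SAMPLE_CONF = '''
options {
    directory "/var/named";   // no global allow-transfer
};
zone "example.com" {
    type master; file "db.example.com";
    allow-transfer { 192.0.2.53; };   # secondary only
};
zone "example.net" { type master; file "db.example.net"; };
zone "example.org" { type master; file "db.example.org"; allow-transfer { any; }; };
'''

def strip_comments(text):
    """Remove /* */, // and # comments so they cannot be mistaken for options."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def blocks(text):
    """Yield (kind, name, body) for each options/zone statement, brace-matched."""
    for m in re.finditer(r'\b(options|zone)\b\s*(?:"([^"]+)")?[^{;]*\{', text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m.group(1), m.group(2), text[m.end():i - 1]

def acl(body):
    """Return the allow-transfer list of a block, or None if it is absent."""
    m = re.search(r'allow-transfer\s*\{([^}]*)\}', body)
    return None if m is None else m.group(1).replace(';', ' ').split()

def audit(conf):
    """Map zone name -> finding for zones whose transfers are unrestricted."""
    found = list(blocks(strip_comments(conf)))
    global_acl = next((acl(b) for k, _, b in found if k == 'options'), None)
    findings = {}
    for kind, name, body in found:
        if kind != 'zone' or not re.search(r'type\s+(master|slave)', body):
            continue
        zone_acl = acl(body)
        effective = zone_acl if zone_acl is not None else global_acl
        if effective is None:  # BIND's default is to allow transfers to any host
            findings[name] = 'no allow-transfer set: any host may transfer'
        elif 'any' in effective:
            findings[name] = 'allow-transfer explicitly includes "any"'
    return findings

if __name__ == '__main__':
    for zone, why in audit(SAMPLE_CONF).items():
        print(f'{zone}: {why}')
```

A zone-level allow-transfer overrides the one in options, which is why example.org is still reported even when the global default is tightened.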