Re: Securing DNS


Subject: Re: Securing DNS
From: Ken Schweigert (ken@byte-productions.com)
Date: Fri Nov 23 2001 - 07:56:43 MST


Duane,

One document that I follow when I install DNS is:
  http://www.linuxdoc.org/HOWTO/Chroot-BIND-HOWTO.html

This will help you install bind v9 in a chroot jail and will lock DNS
into its own separate filesystem. If your DNS does get compromised,
the bad guys will be limited to the chrooted filesystem only.

Also, separating your internal and external domains is called "views"
in the bind world. You can find more information in the doc/arm
directory from the source files.

One last thing, if you're using a v8 series of bind, make sure it is
the absolute latest version of it. Currently, it is at v8.2.5. I
personally use v9.1.3 and it has been working great. This version is
a total rewrite and has many new features. The mail list is very
helpful, too.

HTH

-- 
-Ken Schweigert, Aspiring Network Administrator
Byte Productions, LLC
http://www.byte-productions.com

On Wed, Nov 21, 2001 at 02:17:09PM -0800, Duane Murphy wrote:
> I have a YDL 2.1 machine set up as an Internet server. It is also acting
> as a DNS server for my local network as well as for a couple of domains
> on the internet.
>
> I am concerned about the security of the domain server. I have seen how I
> can change the access control to the local lan only but then I don't
> respond to domain information for my public domains. I have also noticed
> that my internal addresses are available to the outside with a request.
> This is just annoying as they are local addresses and can't be used
> externally. But it still seems like a risk.
>
> Is there some way to secure this DNS server? To allow it to provide access
> to my public domains as well as my local lookups?
>
> Thanks for the help,
> ..Duane Murphy
>
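
The "views" split mentioned in the reply above, sketched as a BIND 9 named.conf. This is an added example, not part of either message; the networks, the zone name example.com and all file paths are constructed placeholders.

```conf
// Constructed example: networks, zone names and file paths are placeholders.
acl "lan" { 127.0.0.1; 192.168.1.0/24; };

options {
    directory "/var/named";
    allow-transfer { none; };   // no zone transfers unless a zone overrides this
};

// Views are matched in order, so the internal view must come first.
view "internal" {
    match-clients { "lan"; };
    recursion yes;              // LAN hosts may resolve any name through this server

    zone "." { type hint; file "root.hints"; };

    // Internal copy of the zone, including the private addresses.
    zone "example.com" { type master; file "internal/example.com.zone"; };

    zone "1.168.192.in-addr.arpa" { type master; file "internal/192.168.1.rev"; };
};

view "external" {
    match-clients { any; };
    recursion no;               // answer only for the zones hosted here

    // Public copy: only the addresses meant to be reachable from outside.
    zone "example.com" { type master; file "external/example.com.zone"; };
};
```

Once any view is defined, every zone statement has to live inside a view. Running named-checkconf (shipped with BIND 9) against the file catches syntax errors before a reload.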



This archive was generated by hypermail 2a24 : Fri Nov 23 2001 - 08:09:53 MST