DNS Newbie - security question

Russell Foster rf at rf0.com
Fri Aug 24 16:58:28 UTC 2001


>  -----Original Message-----
>  From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org]On
>  Behalf Of Eoin Miller
>  Sent: 24 August 2001 17:08
>  To: comp-protocols-dns-bind at moderators.isc.org
>  Subject: DNS Newbie - security question
>
>
>  are there any other security measures I should be taking? (other than
>  keeping up with releases and patches) such as ways to combat common DOS
>  attacks etc.?
>

I would suggest looking at running Bind9 in a chrooted environment.
You might also want to set up filtering such that UDP 53 is open for all
appropriate clients and that TCP 53 is filtered apart from between both
machines (to allow for zone transfers).

Just my 2 pence

Rus
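
An added example, not part of the original message: a small audit of an iptables-save style ruleset against the filtering policy suggested in the reply above (UDP 53 open to clients, TCP 53 allowed only from the other name server). The addresses, the sample ruleset and the function names are constructed for illustration, and the parser handles only simple flag/value rules on the INPUT chain.

```python
import ipaddress

# Constructed sample ruleset in iptables-save format (not from the post).
# PEER is a hypothetical address for the other name server.
PEER = "192.0.2.53"
RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -s 192.0.2.53/32 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j DROP
COMMIT
"""

def parse(text):
    """Return (default_policy, rules) for the INPUT chain."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        tok = line.split()
        if tok[:1] == [":INPUT"]:
            policy = tok[1]
        elif tok[:2] == ["-A", "INPUT"]:
            # Assumption: every option is a flag followed by one value.
            opts = dict(zip(tok[2::2], tok[3::2]))
            rules.append({
                "proto": opts.get("-p"),
                "src": ipaddress.ip_network(opts.get("-s", "0.0.0.0/0")),
                "dport": opts.get("--dport"),
                "target": opts["-j"],
            })
    return policy, rules

def verdict(text, proto, src, dport=53):
    """First matching rule decides; otherwise the chain policy applies."""
    policy, rules = parse(text)
    addr = ipaddress.ip_address(src)
    for r in rules:
        if (r["proto"] in (None, proto) and addr in r["src"]
                and r["dport"] in (None, str(dport))):
            return r["target"]
    return policy

def audit(text, peer, client="198.51.100.7"):
    """Return the (proto, source, verdict) cases that break the policy."""
    want = [("udp", client, True),   # queries from clients are answered
            ("tcp", peer, True),     # zone transfers between the servers
            ("tcp", client, False)]  # TCP 53 from anyone else is filtered
    got = [(p, s, verdict(text, p, s)) for p, s, _ in want]
    return [g for g, w in zip(got, want) if (g[2] == "ACCEPT") != w[2]]
```

An empty list from `audit(RULES, PEER)` means the ruleset matches the policy; each returned tuple names a packet class that is handled differently from what the reply recommends.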


