security BIND

Michael Hoskins (michoski) michoski at cisco.com
Mon Aug 6 02:32:06 UTC 2012


-----Original Message-----

From: Carsten Strotmann <cas at strotmann.de>
Date: Saturday, August 4, 2012 8:37 AM
To: Alberto Rasillo <bluesnatural at gmail.com>
Cc: "bind-users at lists.isc.org" <bind-users at lists.isc.org>
Subject: Re: security BIND

>On Sat, 4 Aug 2012, Alberto Rasillo wrote:
>
>> Hi what are recomendations regarding security and DNS service?Thnks
>
>it is difficult (impossible?) to answer such a generic question.
>
>Generic security advice for a DNS service:
>* read your DNS servers documentation carefully
>* understand every bit of your configuration
>* don't use configuration settings you don't fully understand
>* understand hos DNS works (read a good book or visit a good DNS training)
>* run recent software (not old software that has know security issues)
>* monitor your DNS server (DNS server logfiles, DNS traffic-patterns)
>* don't run an 'open resolver'
>(https://otrs.menandmice.com/otrs/public.pl?Action=PublicFAQZoom;ItemID=59
>)

Agreed, there's no one answer but a collection of advice.  You'll need to
do some research, and keep abreast of trends by joining lists like this
one and others like dns-operations and bugtraq.

http://www.cymru.com/Documents/secure-bind-template.html

http://www.cisco.com/web/about/security/intelligence/dns-bcp.html

http://www.rfc-editor.org/bcp-index.html

http://shop.oreilly.com/product/9780596100575.do

Good luck!




More information about the bind-users mailing list