Michael Hoskins (michoski)
michoski at cisco.com
Mon Aug 6 02:32:06 UTC 2012
From: Carsten Strotmann <cas at strotmann.de>
Date: Saturday, August 4, 2012 8:37 AM
To: Alberto Rasillo <bluesnatural at gmail.com>
Cc: "bind-users at lists.isc.org" <bind-users at lists.isc.org>
Subject: Re: security BIND
>On Sat, 4 Aug 2012, Alberto Rasillo wrote:
>> Hi what are recomendations regarding security and DNS service?Thnks
>it is difficult (impossible?) to answer such a generic question.
>Generic security advice for a DNS service:
>* read your DNS servers documentation carefully
>* understand every bit of your configuration
>* don't use configuration settings you don't fully understand
>* understand hos DNS works (read a good book or visit a good DNS training)
>* run recent software (not old software that has know security issues)
>* monitor your DNS server (DNS server logfiles, DNS traffic-patterns)
>* don't run an 'open resolver'
Agreed, there's no one answer but a collection of advice. You'll need to
do some research, and keep abreast of trends by joining lists like this
one and others like dns-operations and bugtraq.
More information about the bind-users