Hi all. I've just installed the bind9 nameserver from the suse7.3 CD and then applayed all patches. now the name server ist up and running. my questions is now. what can i do (named.conf, ...) to make the server more secure? thanks a lot patrik Breitenmoser
Hello Patrik, Thursday, June 27, 2002, 11:39:34 AM, you wrote: PB> my questions is now. what can i do (named.conf, ...) to make the server more PB> secure? Hello Patrik, Thursday, June 27, 2002, 11:39:34 AM, you wrote: PB> my questions is now. what can i do (named.conf, ...) to make the server more PB> secure? very first thing todo: chroot ;-) http://www.tldp.org/HOWTO/Chroot-BIND-HOWTO.html cheers, Andreas
PB> my questions is now. what can i do (named.conf, ...) to make the server more PB> secure?
very first thing todo: chroot ;-) http://www.tldp.org/HOWTO/Chroot-BIND-HOWTO.html
are there opinions on the list regarding user mode linux (UML) and this method of jailing away services? would this be useful for other services as well? or is it easy to break, once the respective service broke? see: http://user-mode-linux.sourceforge.net/contrib.html DNS root file system cheers, Lars
Hi, a good start would be to limit recursive queries, like so: allow-recursion { my.clients.net; }; # check syntax, this is from my buggy mind. That way only your clients can query and cachepoinoning is not so likely anymore. Then refer to the security chapter of "DNS&Bind", which is avaulable online at oreilly's. hth dan On Thursday 27 June 2002 11:39, Patrik Breitenmoser wrote:
Hi all.
I've just installed the bind9 nameserver from the suse7.3 CD and then applayed all patches.
now the name server ist up and running.
my questions is now. what can i do (named.conf, ...) to make the server more secure?
thanks a lot
patrik Breitenmoser
participants (4)
-
Andreas Syska -
Dan Am -
l.g.e@web.de -
Patrik Breitenmoser