Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
security BIND
1 view
Skip to first unread message
Alberto Rasillo
Aug 4, 2012, 10:18:49 AM8/4/12
to bind-...@lists.isc.org
Hi what are recomendations regarding security and DNS service?
Thnks
Carsten Strotmann
Aug 4, 2012, 11:37:34 AM8/4/12
to Alberto Rasillo, bind-...@lists.isc.org
Hello Alberto,
On Sat, 4 Aug 2012, Alberto Rasillo wrote:
> Hi what are recomendations regarding security and DNS service?Thnks
it is difficult (impossible?) to answer such a generic question.
Generic security advice for a DNS service:
* read your DNS servers documentation carefully
* understand every bit of your configuration
* don't use configuration settings you don't fully understand
* understand hos DNS works (read a good book or visit a good DNS training)
* run recent software (not old software that has know security issues)
* monitor your DNS server (DNS server logfiles, DNS traffic-patterns)
* don't run an 'open resolver'
(https://otrs.menandmice.com/otrs/public.pl?Action=PublicFAQZoom;ItemID=59)
Anything more specific your would like to know?
-- Carsten
On Sat, 4 Aug 2012, Alberto Rasillo wrote:
> Hi what are recomendations regarding security and DNS service?Thnks
Generic security advice for a DNS service:
* read your DNS servers documentation carefully
* understand every bit of your configuration
* don't use configuration settings you don't fully understand
* understand hos DNS works (read a good book or visit a good DNS training)
* run recent software (not old software that has know security issues)
* monitor your DNS server (DNS server logfiles, DNS traffic-patterns)
* don't run an 'open resolver'
(https://otrs.menandmice.com/otrs/public.pl?Action=PublicFAQZoom;ItemID=59)
Anything more specific your would like to know?
-- Carsten
Michael Hoskins (michoski)
Aug 5, 2012, 10:32:06 PM8/5/12
to bind-...@lists.isc.org
-----Original Message-----
Agreed, there's no one answer but a collection of advice. You'll need to
do some research, and keep abreast of trends by joining lists like this
one and others like dns-operations and bugtraq.
http://www.cymru.com/Documents/secure-bind-template.html
http://www.cisco.com/web/about/security/intelligence/dns-bcp.html
http://www.rfc-editor.org/bcp-index.html
http://shop.oreilly.com/product/9780596100575.do
Good luck!
do some research, and keep abreast of trends by joining lists like this
one and others like dns-operations and bugtraq.
http://www.cymru.com/Documents/secure-bind-template.html
http://www.cisco.com/web/about/security/intelligence/dns-bcp.html
http://www.rfc-editor.org/bcp-index.html
http://shop.oreilly.com/product/9780596100575.do
Good luck!
0 new messages