Yeah, look it over, but take the zone-transfer restrictions and
version-obfuscation stuff with a bit of a grain of salt. Those parts are
a little too PHSCSE (Pointy-Haired So-Called Security Expert)-ish for my
tastes, verging on Theater. At least they finally got rid of the "bogon"
stuff.
Chroot and unprivileged, on the other hand, are _de_rigueur_ for anything
facing the Internet directly, as is view separation (or, to be more
hardcore, process-instance/listen-on or machine separation) between
recursive-resolver and non-recursive/authoritative roles.
If you're slaving, you'd also want to set up TSIG-authentication between
masters and slaves. That's not shown in the template.
- Kevin
Dixon, Justin wrote:
Hello BIND users,
I have set up a new Ubuntu 9.04 server with BIND9.
I have looked at a few tutorials and how-tos like this one:
https://help.ubuntu.com/community/BIND9ServerHowto
but would like to get your tips and tricks to secure your BIND servers
before putting it into production.
Thanks,
Neosys
Aside from standard OS level hardening that should have already been
done, I would recommend looking over the following:
http://www.cymru.com/Documents/secure-bind-template.html
Thanks…
Justin
------------------------------------------------------------------------
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
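
The view separation and master/slave TSIG setup mentioned in the reply above, as an added named.conf sketch that is not part of the original thread or of the linked template. The addresses (RFC 5737 documentation ranges), the key name "xfer-key", the zone "example.com" and the file paths are assumptions, and the secret is a placeholder.

```conf
// Added example: master at 192.0.2.1, slave at 192.0.2.2 (assumed addresses).

// ---- master: named.conf ----
key "xfer-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";    // placeholder; same value on both servers
};

// Sign traffic sent to the slave with the shared key.
server 192.0.2.2 { keys { "xfer-key"; }; };

acl "trusted" { 127.0.0.0/8; 198.51.100.0/24; };    // assumed internal clients

// Recursive-resolver role: internal clients only.
view "resolver" {
    match-clients { "trusted"; };
    recursion yes;
};

// Authoritative role: everyone else, recursion off.
view "authoritative" {
    match-clients { any; };
    recursion no;
    zone "example.com" {
        type master;
        file "/etc/bind/db.example.com";
        allow-transfer { key "xfer-key"; };    // only TSIG-signed transfer requests
    };
};

// ---- slave: named.conf ----
// key "xfer-key" { ... };                     // identical key statement
// server 192.0.2.1 { keys { "xfer-key"; }; }; // sign requests sent to the master
// zone "example.com" {
//     type slave;
//     masters { 192.0.2.1; };
//     file "/var/cache/bind/db.example.com";
// };
```

Keep the key statement in a separate file that only the named user can read, and include it from named.conf, so the shared secret is not exposed with the rest of the configuration.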