Hello,

On Sun, 30 Dec 2001, Russell Coker wrote:

> On Sun, 30 Dec 2001 22:02, jernej horvat wrote:
> > On Sunday 30 December 2001 18:46, P Prince wrote:
> > > The easiest and most failsafe way to secure bind is to install djbdns.
> >
> > If you have nothing to say - do not speak.

Heh, I didn't send a blank message. The point was clear. It was not a 'troll'.

> Perhaps a discussion of the relative merits of djbdns and bind is in order.

Certainly.

> I wanted to move to djbdns at one time, but it was too painful. Everything
> had to be redone (the config files were all incompatible), the documentation
> was inadequate, and there was no good amount of support on the net.

Of course the config files are incompatible - djbdns's file format is far simpler. The documentation is excellent - and simple, because the system is simple.

> Has djbdns improved since then?

I don't think djbdns has ever been at the level you suggest. I strongly *strongly* suggest that anyone considering setting up DNS, be it BIND or djbdns, check out Daniel Bernstein's site on the subject, http://cr.yp.to/djbdns.html

> > Securing DNS:
> > http://www.psionic.com/papers/dns/
>
> 2.4.x kernels support the --bind option to mount which avoids the syslogd
> hackery described in this URL. Also the authbind method supported by Debian
> is much more powerful and useful than using the chuid() functionality in
> bind. Both these things aren't mentioned.
>
> > Cricket Liu's presentation on how to secure BIND:
> > http://www.acmebw.com/papers/securing.pdf
>
> I disagree with the supposed security benefits of disabling zone transfers,
> it's just security by obscurity. Also when idiots read such advice and take
> it to heart it gets in the way when you have a genuine need for zone
> transfers.

What is wrong with security by obscurity? It's an excellent strategy, albeit not a complete one.

Yours,
-Tech