-----Original Message----- From: Carsten Strotmann <c...@strotmann.de> Date: Saturday, August 4, 2012 8:37 AM To: Alberto Rasillo <bluesnatu...@gmail.com> Cc: "bind-users@lists.isc.org" <bind-users@lists.isc.org> Subject: Re: security BIND
>On Sat, 4 Aug 2012, Alberto Rasillo wrote: > >> Hi what are recomendations regarding security and DNS service?Thnks > >it is difficult (impossible?) to answer such a generic question. > >Generic security advice for a DNS service: >* read your DNS servers documentation carefully >* understand every bit of your configuration >* don't use configuration settings you don't fully understand >* understand hos DNS works (read a good book or visit a good DNS training) >* run recent software (not old software that has know security issues) >* monitor your DNS server (DNS server logfiles, DNS traffic-patterns) >* don't run an 'open resolver' >(https://otrs.menandmice.com/otrs/public.pl?Action=PublicFAQZoom;ItemID=59 >) Agreed, there's no one answer but a collection of advice. You'll need to do some research, and keep abreast of trends by joining lists like this one and others like dns-operations and bugtraq. http://www.cymru.com/Documents/secure-bind-template.html http://www.cisco.com/web/about/security/intelligence/dns-bcp.html http://www.rfc-editor.org/bcp-index.html http://shop.oreilly.com/product/9780596100575.do Good luck! _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users