On Sun, 30 Dec 2001 22:02, jernej horvat wrote:
> On Sunday 30 December 2001 18:46, P Prince wrote:
> > The easiest and most failsafe way to secure bind is to install djbdns.
>
> If you have nothing to say - do not speak.

Perhaps a discussion of the relative merits of djbdns and bind is in order. I wanted to move to djbdns at one time, but it was too painful. Everything had to be redone (the config files were all incompatible), the documentation was inadequate, and there was no good amount of support on the net. Has djbdns improved since then?

> Securing DNS:
> http://www.psionic.com/papers/dns/

2.4.x kernels support the --bind option to mount which avoids the syslogd hackery described in this URL. Also the authbind method supported by Debian is much more powerful and useful than using the chuid() functionality in bind. Both these things aren't mentioned.

> Cricket Liu's presentation on how to secure BIND:
> http://www.acmebw.com/papers/securing.pdf

I disagree with the supposed security benefits of disabling zone transfers, it's just security by obscurity. Also when idiots read such advice and take it to heart it gets in the way when you have a genuine need for zone transfers.

-- 
http://www.coker.com.au/bonnie++/     Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/       Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/     My home page