Re: security BIND

[Michael Hoskins (michoski)]

-Original Message-

From: Carsten Strotmann 
Date: Saturday, August 4, 2012 8:37 AM
To: Alberto Rasillo 
Cc: "bind-users@lists.isc.org" 
Subject: Re: security BIND

>On Sat, 4 Aug 2012, Alberto Rasillo wrote:
>
>> Hi what are recomendations regarding security and DNS service?Thnks
>
>it is difficult (impossible?) to answer such a generic question.
>
>Generic security advice for a DNS service:
>* read your DNS servers documentation carefully
>* understand every bit of your configuration
>* don't use configuration settings you don't fully understand
>* understand hos DNS works (read a good book or visit a good DNS training)
>* run recent software (not old software that has know security issues)
>* monitor your DNS server (DNS server logfiles, DNS traffic-patterns)
>* don't run an 'open resolver'
>(https://otrs.menandmice.com/otrs/public.pl?Action=PublicFAQZoom;ItemID=59
>)

Agreed, there's no one answer but a collection of advice.  You'll need to
do some research, and keep abreast of trends by joining lists like this
one and others like dns-operations and bugtraq.

http://www.cymru.com/Documents/secure-bind-template.html

http://www.cisco.com/web/about/security/intelligence/dns-bcp.html

http://www.rfc-editor.org/bcp-index.html

http://shop.oreilly.com/product/9780596100575.do

Good luck!

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: security BIND

[Carsten Strotmann]

Hello Alberto,

On Sat, 4 Aug 2012, Alberto Rasillo wrote:


Hi what are recomendations regarding security and DNS service?Thnks


it is difficult (impossible?) to answer such a generic question.

Generic security advice for a DNS service:
* read your DNS servers documentation carefully
* understand every bit of your configuration
* don't use configuration settings you don't fully understand
* understand hos DNS works (read a good book or visit a good DNS training)
* run recent software (not old software that has know security issues)
* monitor your DNS server (DNS server logfiles, DNS traffic-patterns)
* don't run an 'open resolver' 
(https://otrs.menandmice.com/otrs/public.pl?Action=PublicFAQZoom;ItemID=59)


Anything more specific your would like to know?

-- Carsten

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

security BIND

[Alberto Rasillo]

Hi what are recomendations regarding security and DNS service?
Thnks
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users