Thu, 18 May 2006

7:51 PM - Bind security

Someone posted this on the net today about BIND security. Nice, I may try it.

BIND, when used correctly, can foil/hamper these DNS attacks from occurring.
Any tool improperly used can possibly cause problems.
This is a proper way to secure a BIND nameserver.
An example would be in your BIND named.conf adding an acl section and adding to section options.

// add your trusted networks
acl "trusted_queries" { 127.0.0.1; 192.168.1.0/24; some.ip.network.outthere/8; };
acl "trusted_recursion" { 127.0.0.1; 192.168.1.0/24; some.ip.network.outthere/8; };

options {
    allow-query { "trusted_queries"; };
    allow-recursion { "trusted_recursion"; };
    version "no version"; // protect your nameserver version
};

// and for your zones just add allow-query any
zone "some.zone.com" IN {
    type master;
    file "pri/some.zone.com.zone";
    allow-query { any; }; // allow legitimate nameservers to get host info
};

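An added example, not part of the quoted post or of BIND itself: a small Python check that reads the acl and options blocks of a named.conf and reports whether a given client address would be let through allow-query or allow-recursion. The sample config, the 10.0.0.0/8 network and the function names are constructed for illustration, and the matcher is a simplified model that understands only literal addresses, CIDR prefixes, any/none and named ACLs.

```python
import ipaddress
import re

# Constructed sample shaped like the named.conf above; 10.0.0.0/8 stands in
# for the post's placeholder network and the two ACLs differ on purpose.
SAMPLE_CONF = '''
acl "trusted_queries" { 127.0.0.1; 192.168.1.0/24; 10.0.0.0/8; };
acl "trusted_recursion" { 127.0.0.1; 192.168.1.0/24; };
options {
    allow-query { "trusted_queries"; };
    allow-recursion { "trusted_recursion"; };
};
'''

def _elements(body):
    return [e.strip() for e in body.split(";") if e.strip()]

def parse(conf):
    """Return (acls, opts): ACL name -> elements, allow-* option -> elements."""
    conf = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf, flags=re.S)
    acls = {name: _elements(body) for name, body in
            re.findall(r'\bacl\s+"?([\w-]+)"?\s*\{([^{}]*)\}', conf)}
    block = re.search(r"\boptions\s*\{((?:[^{}]|\{[^{}]*\})*)\}", conf)
    opts = {key: _elements(body) for key, body in
            re.findall(r"(allow-[\w-]+)\s*\{([^{}]*)\}", block.group(1))} if block else {}
    return acls, opts

def match(client, elements, acls):
    """First matching element decides: True allow, False deny, None no match."""
    ip = ipaddress.ip_address(client)
    for el in elements:
        negate = el.startswith("!")
        el = el.lstrip("! ").strip('"')
        if el == "none":                      # "none" behaves like "!any"
            el, negate = "any", not negate
        if el == "any":
            hit = True
        elif el in acls:                      # named ACL defined in the file
            hit = match(client, acls[el], acls) is True
        else:                                 # literal address or CIDR prefix
            hit = ip in ipaddress.ip_network(el, strict=False)
        if hit:
            return not negate
    return None

def allowed(client, option, conf=SAMPLE_CONF):
    """True/False if the option is set in options{}, None if it is not set."""
    acls, opts = parse(conf)
    return match(client, opts[option], acls) is True if option in opts else None
```

Running allowed() for an address outside your trusted networks against allow-recursion should return False; a None result means the option is absent from options and the server's built-in default applies.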