Cndnsd Vrsn: 4 PM Wednesday March 13th ACS Room
123- Securing Your DNS Server
The next meeting of the Front Range UNIX Users
Group (FRUUG) will be held at 4:00 P.M. on Wednesday, March 13th.
Cricket Liu, co-author of the definitive "DNS and BIND" book,
will discuss how to secure your DNS server. This is the second
in three talks on security issues. Last month we heard about
using open-source security tools, and next month we hear about
securing wireless networks.
Widely publicized DNS failures at several large companies,
including Microsoft, have raised the public's awareness of
the vulnerability of the Internet's DNS infrastructure. In
this talk, Cricket will examine several DNS vulnerabilities
and will discuss techniques to harden name servers against
In addition, Cricket will respond to FRUUG member requests and provide
some tips on how to make your DNS server a good network citizen.
At our March 2001 meeting on DNS Damage, Evi Nemeth showed
us just how many requests of the DNS Root Servers were bogus,
and traced many of the problems to incorrect default settings
in Microsoft Windows servers. Cricket will discuss some
of the bogus queries that Evi's work found and how to prevent
your site from issuing them. Slides and more information
on Evi's talk are located in the
Cricket Liu is the co-author of all of O'Reilly & Associates Nutshell
Handbooks on the Domain Name System, DNS and BIND, DNS on Windows NT, and
DNS on Windows 2000, and was the principal author of Managing Internet
Cricket worked for five and a half years at Hewlett-Packard's Corporate
Network Services, where he ran hp.com, one of the largest corporate domains
in the world, and helped design the HP Internet's security architecture. He
later joined HP's consulting organization to found their Internet consulting
Cricket left HP in 1997 to start his own company, Acme Byte & Wire, with his
friend and co-author Matt Larson. Acme Byte & Wire specialized in
consulting and training on the Domain Name System, including both the BIND
and Microsoft DNS Server implementations. Acme Byte & Wire's customers
included over 10% of Fortune 100 companies.
Network Solutions acquired Acme Byte & Wire in June of 2000. Subsequently,
Network Solutions merged with VeriSign. Cricket became Director of DNS
Product Management of the merged company, helping determine which new
DNS-related products VeriSign would offer.
Cricket left VeriSign in June, 2001, to join Men & Mice, an Icelandic
company specializing in DNS software and services. As Vice President,
Research & Development, he develops courseware, teaches classes, and heads
the company's consulting organization.
Recently, Cricket finished the fourth edition of DNS and BIND, to cover BIND
versions 8.2.3 and 9.1.0.
This meeting will be in room 123 of the CU Academic Computing
Center building at Arapahoe and Marine Streets in Boulder. Marine St intersects
Arapahoe at 38th St; the Computing Center is on the southwest corner.
At our last meeting, Trent Hein and Ned McClain discussed the
use of open-source security tools to protect your networks,
including nmap, nessus, and the Coroner's Toolkit.
Their presentation slides are available in the FRUUG
meeting archive at
We have a great set of meetings lined up for the future. Those
with firm dates include:
- April 4, David Clements and Bob
Gray will talk about how to secure your wireless networks, and
will include the results of their 'drive-by' survey of wireless
network insecurity in and around Boulder.
- April 25,
Peter O'Neil from NCAR will speak to us about both web100
initiatives to work towards 100 percent utilization of
network media such as Ethernet.
Other meetings we're planning for the future include UNIX
interoperability with MacOS X, IP-based Storage Area Networks (SANs),
and an update on how to control spam-- unsolicited e-mail.
Last month we began our new
FRUUG Giveaway program with new eligibility rules.
In order to be eligible for our giveaway that includes
Gift Certificates to SoftPro Books and
Special Giveaway Books from our
publisher sponsors (and of course the occasional T-Shirt),
you must have earned a
FRUUG Library Merit Badge by
reviewing one of the books in our library. These reviews
can be as short or as long as you like (within reason),
and once you've given us one, your eligible for our giveaways
from then on. Details are on our
FRUUG Library Page on our Web site.
Just so we don't end up with the absurd situation of one
person winning all of our giveaways because only one person
writes a book review, we're
guaranteeing the first five
people to earn the FRUUG Library Merit Badge the gift of
your choice from the following selections:
A $20 Gift Certificate from SoftPro Books in Boulder or
Denver. If more than one person per month selects this
option, you'll be put in the queue to get the next one
we receive (SoftPro donates one per meeting).
The book of your choice from the FRUUG library.
Yes, any book you like. Yes, if you're one of the first
five, review the book and then keep it.
Three people have already taken advantage of this great
offer; the next two reviewers will still be guaranteed
the gift certificate or the book of their choice.
Please refer to the
FRUUG Library Page on our site
for details on how to submit a book review.
Our FRUUG library sponsors are reminding us that they are
providing us with review copies of their books in order to get,
well, reviews of them. In order for us to continue to receive
their generous donations, we need to start giving them feedback
on their books. If you check out a FRUUG book, please plan
to write a paragraph on what you thought of the book, or point
out areas that you particularly liked or didn't like. They
don't have to be polished reviews for publication-- they
are reviews for them to improve their books. If you can
manage to put a few words together, please send them (along
with the title and publisher of the book) to gaede at fruug.org
and we'll send it along to the appropriate people.
New in the library this month are:
- Java RMI, by William Grosso, from O'Reilly & Associates.
- Learning the UNIX Operating System, by Jerry Peek,
Grace Todino, and John Strang, from O'Reilly & Associates.
- Programming Web services with SOAP, by James Snell, Doug
Tidwell, and Pavel Kulchenko, from O'Reilly & Associates.
- Python Web Programming, by Steve Holden and David Beazley,
from New Riders.
You may check out books using your business card as your
library card; you must be on the membership list to check books out. Books
are due at the meeting following the one in which they are checked out.
Remember that your FRUUG membership entitles you to discounts
on your book orders from both New Riders Publishing and O'Reilly &
Associates; refer to the FRUUG Web site for details.
Miriam Gilbert is trying to equip an eighth grade math class
at Casey Middle School with graphing calculators. If you have
one that you could donate, or wish to contribute to this
program, please contact Miriam at
or call her at (303) 818-7187.