FRUUG - Front Range Unix Users Group

Securing Your DNS Server

At our March 2002 meeting, Cricket Liu of Men & Mice talked about security problems with various DNS implementations, including BIND and an unnamed implementation that is still deployed and still has security problems. He outlined how cache poisoning works, and how DNS servers can be lured into participating in denial-of-service attacks.

After discussing ISC's matrix of common BIND security flaws and drawing the conclusion that running the most recent version of BIND 8 (8.3.1 or 8.2.5) or BIND 9 (9.2.0) is a good idea, Cricket went on to discuss how to make these servers even more secure. Minimizing the number of services your DNS server provides and filtering incoming and outgoing traffic are a start; having BIND run in a chroot environment as a non-root user is even better.

With a server running in a secure environment, Cricket talked about how to configure BIND itself to reduce the potential for security flaws. For the full details, consult Cricket's presentation slides (pdf 347K).
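
An added example (not from Cricket's slides or the FRUUG page): a shell check of a named command line for the chroot and non-root setup described above. It assumes BIND's `-t <directory>` and `-u <user>` startup options; the sample command lines and paths are constructed.

```shell
#!/bin/sh
# Added example: audit a named command line for the two startup options
# that implement "chroot + non-root": -t <directory> and -u <user>.

# Constructed sample command lines (not taken from a real host).
GOOD='/usr/sbin/named -u named -t /var/named/chroot'
NO_CHROOT='/usr/sbin/named -u named'
ROOT_IN_JAIL='/usr/sbin/named -t /var/named/chroot'

# Prints one finding per problem; returns 0 only when none are found.
# The body is a subshell, so its variables and "set" calls do not leak.
audit_named_cmdline() (
    user="" jail="" rc=0
    set -f                      # no globbing while word-splitting
    set -- $1                   # split the command line into words
    while [ $# -gt 0 ]; do
        case "$1" in
            -u) if [ $# -ge 2 ]; then user=$2; shift; fi ;;
            -t) if [ $# -ge 2 ]; then jail=$2; shift; fi ;;
        esac
        shift
    done
    # Without -u (or with root/uid 0) the daemon keeps root privileges,
    # and a root process is not reliably contained by chroot alone.
    case "$user" in
        ""|root|0) echo "FAIL: named keeps root privileges (no -u, or -u root)"; rc=1 ;;
    esac
    # "-t /" is a chroot to the real root, i.e. no confinement at all.
    case "$jail" in
        ""|/) echo "FAIL: named is not confined to a chroot directory (no -t, or -t /)"; rc=1 ;;
    esac
    if [ "$rc" -eq 0 ]; then
        echo "OK: runs as '$user' chrooted to '$jail'"
    fi
    return "$rc"
)

# Demonstration over the constructed samples.
for line in "$GOOD" "$NO_CHROOT" "$ROOT_IN_JAIL"; do
    echo "== $line"
    audit_named_cmdline "$line" || true
done
```

On a live host, the same function can be fed the arguments of the running daemon, for example from `ps -o args= -C named` on systems whose `ps` supports those options.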

February 15, 2009
