LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   DNS BIND security, how safe is my server? (http://www.linuxquestions.org/questions/linux-security-4/dns-bind-security-how-safe-is-my-server-885912/)

iPatch 06-12-2011 11:30 AM

DNS BIND security, how safe is my server?
 
Hello, I recently finished installing/configuring BIND on a Scientific Linux 6.0 bpx. I registered a domain name through godaddy.com and set my SL 6.0 box to be the primary master for DNS. Now, I only have access to one public/WAN IP, and it looks like I am unable to subnet the IP to make more IP addresses. (It's a virtual server on another Linux box). My question is, how secure is my DNS. I read several books/guides on the internet to setup DNS/BIND. I did manage to get the chroot jail going, but wasn't sure if there are any security risks that I need to be aware of. Are there commands similar to nslookup/dig that could help troubleshoot the security of my DNS server?

salasi 06-13-2011 10:52 AM

Well, I don't know, but:
  • Bind doesn't exactly have the shiningest of shining reputations as far as security is concerned. So, a big part of this is whether you manage to keep bind promptly patched for ever and always. I guess most people stray quite far from that ideal...
  • Did you understand networking and set up the most restrictive of firewalls when you set it up? That would probably improve things.
  • What are the implications of a denial of service, for you? For some people, it would be an irritation for others it would cost them big time.

unSpawn 06-13-2011 08:12 PM

...in addition to the previous post there's plenty of reading material around: SANS: Security Issues with DNS (2003), SANS: DNS Security Considerations and the Alternatives to BIND (2003) (nice list of references), CIS: DNS BIND Benchmark (2006), CYMRU: Secure BIND Template (2009) and the http://www.bind9.net/manuals. *Should post some testing tools but I can't think of any except DIG, dnswalk or dnsenum and they're certainly not all-encompassing, HTH tho.

iPatch 06-14-2011 09:16 AM

cool
 
Quote:

Originally Posted by unSpawn (Post 4384681)
...in addition to the previous post there's plenty of reading material around: SANS: Security Issues with DNS (2003), SANS: DNS Security Considerations and the Alternatives to BIND (2003) (nice list of references), CIS: DNS BIND Benchmark (2006), CYMRU: Secure BIND Template (2009) and the http://www.bind9.net/manuals. *Should post some testing tools but I can't think of any except DIG, dnswalk or dnsenum and they're certainly not all-encompassing, HTH tho.

links.

colucix 06-15-2011 10:10 AM

Moved: This thread is more suitable in Linux - Security and has been moved accordingly to help your thread/question get the exposure it deserves.


All times are GMT -5. The time now is 02:30 PM.