LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 06-12-2011, 11:30 AM   #1
iPatch
LQ Newbie
 
Registered: Oct 2009
Posts: 18

Rep: Reputation: 9
Question DNS BIND security, how safe is my server?


Hello, I recently finished installing/configuring BIND on a Scientific Linux 6.0 bpx. I registered a domain name through godaddy.com and set my SL 6.0 box to be the primary master for DNS. Now, I only have access to one public/WAN IP, and it looks like I am unable to subnet the IP to make more IP addresses. (It's a virtual server on another Linux box). My question is, how secure is my DNS. I read several books/guides on the internet to setup DNS/BIND. I did manage to get the chroot jail going, but wasn't sure if there are any security risks that I need to be aware of. Are there commands similar to nslookup/dig that could help troubleshoot the security of my DNS server?
 
Old 06-13-2011, 10:52 AM   #2
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 3,886

Rep: Reputation: 774Reputation: 774Reputation: 774Reputation: 774Reputation: 774Reputation: 774Reputation: 774
Well, I don't know, but:
  • Bind doesn't exactly have the shiningest of shining reputations as far as security is concerned. So, a big part of this is whether you manage to keep bind promptly patched for ever and always. I guess most people stray quite far from that ideal...
  • Did you understand networking and set up the most restrictive of firewalls when you set it up? That would probably improve things.
  • What are the implications of a denial of service, for you? For some people, it would be an irritation for others it would cost them big time.
 
Old 06-13-2011, 08:12 PM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,953
Blog Entries: 54

Rep: Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732Reputation: 2732
...in addition to the previous post there's plenty of reading material around: SANS: Security Issues with DNS (2003), SANS: DNS Security Considerations and the Alternatives to BIND (2003) (nice list of references), CIS: DNS BIND Benchmark (2006), CYMRU: Secure BIND Template (2009) and the http://www.bind9.net/manuals. *Should post some testing tools but I can't think of any except DIG, dnswalk or dnsenum and they're certainly not all-encompassing, HTH tho.
 
Old 06-14-2011, 09:16 AM   #4
iPatch
LQ Newbie
 
Registered: Oct 2009
Posts: 18

Original Poster
Rep: Reputation: 9
cool

Quote:
Originally Posted by unSpawn View Post
...in addition to the previous post there's plenty of reading material around: SANS: Security Issues with DNS (2003), SANS: DNS Security Considerations and the Alternatives to BIND (2003) (nice list of references), CIS: DNS BIND Benchmark (2006), CYMRU: Secure BIND Template (2009) and the http://www.bind9.net/manuals. *Should post some testing tools but I can't think of any except DIG, dnswalk or dnsenum and they're certainly not all-encompassing, HTH tho.
links.
 
Old 06-15-2011, 10:10 AM   #5
colucix
Moderator
 
Registered: Sep 2003
Location: Bologna
Distribution: CentOS 6.5 OpenSuSE 12.3
Posts: 10,453

Rep: Reputation: 1941Reputation: 1941Reputation: 1941Reputation: 1941Reputation: 1941Reputation: 1941Reputation: 1941Reputation: 1941Reputation: 1941Reputation: 1941Reputation: 1941
Moved: This thread is more suitable in Linux - Security and has been moved accordingly to help your thread/question get the exposure it deserves.
 
  


Reply

Tags
bind, chroot, dns, security


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Bind DNS Security sjangra Linux - Security 3 12-23-2010 05:38 AM
Bind.DNS Help needed on Split DNS server manya Linux - Server 3 10-28-2010 08:39 AM
How to get Windows Clients to be served DNS from a Linux BIND-DNS Server texmansru47 Linux - Networking 12 07-10-2008 07:06 PM


All times are GMT -5. The time now is 04:00 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration