Section 6.6. Resources

Hopefully, we've given you a decent start on securing your BIND- or djbdns-based DNS server. You may also find the following resources helpful.

6.6.1 General DNS Security Resources

  1. comp.protocols.tcp-ip.domains USENET group: "FAQ." Web site: http://www.intac.com/~cdp/cptd-faq/. Frequently Asked Questions about DNS.

  2. Rowland, Craig. "Securing BIND." Web site: http://www.psionic.com/papers/whitep01.html. Instructions on securing BIND on both OpenBSD and Red Hat Linux.

6.6.1.1 Some DNS-related RFCs (available at http://www.rfc-editor.org)

  • 1035 (general DNS specs)

  • 1183 (additional Resource Record specifications)

  • 2308 (Negative Caching)

  • 2136 (Dynamic Updates)

  • 1996 (DNS Notify)

  • 2535 (DNS Security Extensions)

6.6.1.2 Some DNS/BIND security advisories (available at http://www.cert.org)

  • CA-2002-15: "Denial-of-Service Vulnerability in ISC BIND 9"

  • CA-2000-03: "Continuing Compromises of DNS Servers"

  • CA-99-14: "Multiple Vulnerabilities in BIND"

  • CA-98.05: "Multiple Vulnerabilities in BIND"

  • CA-97.22: "BIND" (cache-poisoning)

6.6.2 BIND Resources

  1. Internet Software Consortium. "BIND Operator's Guide" ("BOG"). Distributed separately from BIND 8 source code; current version downloadable from ftp://ftp.isc.org/isc/bind/src/8.3.3/bind-doc.tar.gz. The BOG is the most important and useful piece of official BIND 8 documentation.

  2. Internet Software Consortium. "BIND 9 Administrator Reference Manual." Included with BIND 9 source-code distributions in the directory doc/arm, filename Bv9ARM.html. Also available in PDF format from http://www.nominum.com/content/documents/bind9arm.pdf. The ARM is the most important and useful piece of official BIND 9 documentation.

  3. Internet Software Consortium. "Internet Software Consortium: BIND." Web site: http://www.isc.org/products/BIND/. Definitive source of all BIND software and documentation.

  4. Liu, Cricket. "Securing an Internet Name Server." Slide show, available at http://www.acmebw.com/papers/securing.pdf. A presentation by Cricket Liu, coauthor of DNS and BIND (a.k.a. "The Grasshopper Book").

6.6.3 djbdns Resources

  1. Bernstein, D. J. "djbdns: Domain Name System Tools." Web site: http://cr.yp.to/djbdns.html. The definitive source of djbdns software and documentation.

  2. Brauer, Henning. "Life with djbdns." Web site: http://lifewithdjbdns.org. A comprehensive guide to using djbdns, including sample configurations and links to other sites.

  3. Nelson, Russell. "djbdns Home Page." Web site: http://www.djbdns.org. Official source of axfr tool, with lots of other useful information and links.

  4. "FAQTS - Knowledge Base... djbdns." Web site: http://www.faqts.com/knowledge_base/index.phtml/fid/699/. Frequently asked questions about djbdns.

  5. "Linux notebook/djbdns." Web site: http://binarios.com/lnb/djbdns.html#djbdns. Notes on running djbdns under Linux, by a user in Portugal.