Section 6.6. Resources

Hopefully, we've given you a decent start on securing your BIND- or djbdns-based DNS server. You may also find the following resources helpful.

6.6.1 General DNS Security Resources

  1. USENET group: "FAQ." Web site: Frequently Asked Questions about DNS.

  2. Rowland, Craig. "Securing BIND." Web site: Instructions on securing BIND on both OpenBSD and Red Hat Linux. Some DNS-related RFCs (available at
  • 1035 (general DNS specs)

  • 1183 (additional Resource Record specifications)

  • 2308 (Negative Caching)

  • 2136 (Dynamic Updates)

  • 1996 (DNS Notify)

  • 2535 (DNS Security Extensions) Some DNS/BIND security advisories (available at

"Denial-of-Service Vulnerability in ISC BIND 9"


"Continuing Compromises of DNS Servers"


"Multiple Vulnerabilities in BIND"


"Multiple Vulnerabilities in BIND"


"BIND" ( cache-poisoning)

6.6.2 BIND Resources

  1. Internet Software Consortium. "BIND Operator's Guide" ("BOG"). Distributed separately from BIND 8 source code; current version downloadable from The BOG is the most important and useful piece of official BIND 8 documentation.

  2. Internet Software Consortium. "BIND 9 Administrator Reference Manual." Included with BIND 9 source-code distributions in the directory doc/arm, filename Bv9ARM.html. Also available in PDF format from The ARM is the most important and useful piece of official BIND 9 documentation.

  3. Internet Software Consortium. "Internet Software Consortium: BIND." Web site: Definitive source of all BIND software and documentation.

  4. Liu, Cricket. "Securing an Internet Name Server." Slide show, available at A presentation by Cricket Liu, coauthor of DNS and BIND (a.k.a. "The Grasshopper Book").

6.6.3 djbdns Resources

  1. Bernstein, D. J. "djbdns: Domain Name System Tools." Web site: The definitive source of djbdns software and documentation.

  2. Brauer, Henning. "Life with djbdns." Web site: A comprehensive guide to using djbdns, including sample configurations and links to other sites.

  3. Nelson, Russell. "djbdns Home Page." Web site: Official source of axfr tool, with lots of other useful information and links.

  4. "FAQTS ? Knowledge Base... djbdns." Web site: Frequently asked questions about djbdns.

  5. "Linux notebook/djbdns." Web site: Notes on running djbdns under Linux, by a user in Portugal.