Preventing Vexation and Woe: DNS Fundamentals, Part 2 - Page 4

By Carla Schroder | Posted Feb 4, 2003

Separating DNS Caches From DNS Servers

This is a crucial step for securing DNS. Caches and servers must have different IP addresses. If they share the same IP, an intruder who gains control of one will be able to control both, which means controlling both your incoming and outgoing DNS. It also means they can hijack your email and all traffic intended for your domain.

The modular structure of djbdns means you install only what you need to use. Rule #1 of security is that unnecessary services increase vulnerability.

dig

dig, domain information groper, is a dandy little utility and study tool. Use it to study how other DNS admins configure their zones and to see how your own zones look from the outside.
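One way to use dig to check the cache/server separation described above, as an added example that is not part of the original article: the function names, sample headers and role labels are assumptions made for illustration. It reads the flags line of dig's output, where aa marks an authoritative server and ra marks a cache offering recursion.

```shell
#!/bin/sh
# Classify which DNS roles answer on one IP address, from dig's header flags.
#   aa = authoritative answer (a DNS server publishing the zone)
#   ra = recursion available  (a DNS cache resolving for clients)

# dns_role: read dig output on stdin, print server | cache | both | neither.
# The body is a subshell, so its variables stay private to the function.
dns_role() (
    # Header line looks like: ";; flags: qr aa rd; QUERY: 1, ANSWER: 1, ..."
    flags=$(sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p' | head -n 1)
    aa=0
    ra=0
    for f in $flags; do
        case "$f" in
            aa) aa=1 ;;
            ra) ra=1 ;;
        esac
    done
    if [ "$aa" -eq 1 ] && [ "$ra" -eq 1 ]; then
        echo both        # cache and server share this IP: separate them
    elif [ "$aa" -eq 1 ]; then
        echo server
    elif [ "$ra" -eq 1 ]; then
        echo cache
    else
        echo neither
    fi
)

# check_ip IP ZONE: query a live address for the SOA of one of your own zones.
# Needs network access, so it is defined here but not called by the demo.
check_ip() {
    dig +noall +comments @"$1" "$2" SOA | dns_role
}

# Constructed sample headers (written for this example, not captured output).
SAMPLE_SERVER=';; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2'
SAMPLE_CACHE=';; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0'
SAMPLE_SHARED=';; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2'

# Demo: classify each constructed header.
for s in "$SAMPLE_SERVER" "$SAMPLE_CACHE" "$SAMPLE_SHARED"; do
    printf '%s\n' "$s" | dns_role
done
```

Run check_ip from a network the cache is meant to serve, because a cache that refuses recursion to outside clients will not show ra to them.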

Final Words

DNS is a surprisingly large subject. The djbdns home page is a great place to start, as it contains tutorials for every aspect of DNS. See also the relevant RFCs; they explain in more detail what all those mysterious abbreviations mean.

Resources
RFC 1035. See also 1591, 2181, and 3071
djbdns home page
Stroud's CWSApps, search here for Windows DNS and proxy software
Alcpress
Global Registry
Tinydns: Kiss Your Bind Good-Bye
Kiss Your BIND Good-bye: In-Depth Configuration with Tinydns
Webopedia
bind vs djbdns thread on the BIND Users Mailing List

