Preventing Vexation and Woe: DNS Fundamentals, Part 2 - Page 4

By  Carla Schroder | Feb 4, 2003
Page 4 of 4   |  Back to Page 1
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

Separating DNS Caches From DNS Servers

This is a crucial step for securing DNS. Caches and servers must have different IP addresses. If they share the same IP, an intruder who gains control of one will be able to control both, which means controlling both your incoming and outgoing DNS. It also means they can hijack your email and all traffic intended for your domain.

The modular structure of djbdns means installing only what you need to use. Rule #1 of security is unnecessary services increase vulnerability.

dig

dig, domain information groper, is a dandy little utility and study tool. Use it to study how other DNS admins configure their zones and to see how your own zones look from the outside.

Final Words

DNS is a surprisingly large subject. The djbdns home page is a great place to start, as it contains tutorials for every aspect of DNS. See also the relevant RFCs, they explain what all those mysterious abbreviations mean in more detail.

Resources
RFC 1035. See also 1591, 2181, and 3071
djbdns home page
Stroud's CWSApps, search here for Windows DNS and proxy software
Alcpress
Global Registry
Tinydns: Kiss Your Bind Good-Bye
Kiss Your BIND Good-bye: In-Depth Configuration with Tinydns
Webopedia
bind vs djbdns thread on the BIND Users Mailing List


» See All Articles by Columnist Carla Shroder


cschroder@internet.com

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter
Helpful Links

  • Yankee Group Mobile WAN Optimization Report

    Mobile work continues to evolve. Your organization must keep up with the demands of its mobile workforce. This report introduces the concept of mobile WAN optimization and provides three case studies including RCM, PRTM and Einstein that highlight how this emerging technology can help IT departments achieve what previously appeared to be conflicting goals. Read >

  • Network Security Resources

    More threats than ever before pose a danger to today's enterprise network. Get the latest tips and intel on the newest risks in our guide to network security resources. Read >

  • Extreme Savings: Cutting Costs with WAN Optimization

    Did you know it's possible to cut IT costs without impacting day-to-day IT operations? In fact, when you download this whitepaper from Riverbed on cost-savings through WAN optimization, you'll discover how businesses of all different sizes have realized a return on investment in just a few months through significant hard cost savings in areas such as bandwidth reduction and IT consolidation. It's called Extreme Savings and its only from Riverbed. Read >