The latest network routers, software, management tools and information for enterprise IT administrators.

Preventing Vexation and Woe: DNS Fundamentals, Part 2 - Page 4

By Carla Schroder

Page 4 of 4 | Back to Page 1

Separating DNS Caches From DNS Servers

This is a crucial step for securing DNS. Caches and servers must have different IP addresses. If they share the same IP, an intruder who gains control of one will be able to control both, which means controlling both your incoming and outgoing DNS. It also means they can hijack your email and all traffic intended for your domain.

The modular structure of djbdns means installing only what you need to use. Rule #1 of security is unnecessary services increase vulnerability.

dig

dig, domain information groper, is a dandy little utility and study tool. Use it to study how other DNS admins configure their zones and to see how your own zones look from the outside.

Final Words

DNS is a surprisingly large subject. The djbdns home page is a great place to start, as it contains tutorials for every aspect of DNS. See also the relevant RFCs, they explain what all those mysterious abbreviations mean in more detail.

Resources
RFC 1035. See also 1591, 2181, and 3071
djbdns home page
Stroud's CWSApps, search here for Windows DNS and proxy software
Alcpress
Global Registry
Tinydns: Kiss Your Bind Good-Bye
Kiss Your BIND Good-bye: In-Depth Configuration with Tinydns
Webopedia
bind vs djbdns thread on the BIND Users Mailing List

» See All Articles by Columnist Carla Shroder

This article was originally published on Feb 4, 2003

cschroder@internet.com

Get the Latest Scoop with Networking Update Newsletter

Thanks for your registration, follow us on our social networks to keep up-to-date