Preventing Vexation and Woe: DNS Fundamentals, Part 2 - Page 4
Separating DNS Caches From DNS Servers
This is a crucial step for securing DNS. Caches and servers must have different IP addresses. If they share the same IP, an intruder who gains control of one will be able to control both, which means controlling both your incoming and outgoing DNS. It also means they can hijack your email and all traffic intended for your domain.
The modular structure of djbdns means you install only what you need. Rule #1 of security is that unnecessary services increase vulnerability.
dig
dig, domain information groper, is a dandy little utility and study tool. Use it to study how other DNS admins configure their zones and to see how your own zones look from the outside.
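One way to confirm from the outside that a cache and a server are really separate, as an added example (not from the original article or from djbdns): it reads the AA and RA header bits that dig prints on its "flags:" line and reports whether an address is answering as an authoritative server, a cache, or both. The function names, the query ID and the sample headers are assumptions constructed for illustration.

```python
import socket
import struct

QR, AA, RA = 0x8000, 0x0400, 0x0080  # header flag bits, RFC 1035 section 4.1.1

def build_query(name, qid=0x1234):
    """Build an A/IN query for `name` with RD (recursion desired) set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(response):
    """Return the role a server shows in the header of one DNS response."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    flags = struct.unpack("!H", response[2:4])[0]
    if not flags & QR:
        raise ValueError("not a response (QR bit clear)")
    aa, ra = bool(flags & AA), bool(flags & RA)
    if aa and ra:
        return "combined"        # authoritative and recursive on the same IP
    if ra:
        return "cache"           # offers recursion, not authoritative here
    if aa:
        return "authoritative"   # serves the zone, refuses recursion
    return "neither"             # e.g. a refusal or a referral

def probe(ip, name, timeout=3.0):
    """Send one UDP query to ip:53 and classify the reply (needs network)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (ip, 53))
        data, _ = s.recvfrom(512)
    return classify(data)

if __name__ == "__main__":
    # Constructed 12-byte headers, not captured traffic.
    samples = (("qr aa rd", 0x8500), ("qr rd ra", 0x8180), ("qr aa rd ra", 0x8580))
    for label, flags in samples:
        header = struct.pack("!HHHHHH", 0x1234, flags, 1, 1, 0, 0)
        print(label, "->", classify(header))
```

Call probe() with your own server's address and a name from your own zone, since AA is only set for zones that server actually serves. A result of "combined" means one IP is handling both jobs.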
Final Words
DNS is a surprisingly large subject. The djbdns home page is a great place to start, as it contains tutorials for every aspect of DNS. See also the relevant RFCs; they explain in more detail what all those mysterious abbreviations mean.
Resources
RFC 1035. See also 1591, 2181, and 3071
djbdns home page
Stroud's CWSApps, search here for Windows DNS and proxy software
Alcpress
Global Registry
Tinydns: Kiss Your Bind Good-Bye
Kiss Your BIND Good-bye: In-Depth Configuration with Tinydns
Webopedia
bind vs djbdns thread on the BIND Users Mailing List
See All Articles by Columnist Carla Shroder