Resources

Hopefully, we’ve given you a decent start on securing your BIND- or djbdns-based DNS server. You may also find the following resources helpful.

General DNS Security Resources

  1. comp.protocols.tcp-ip.domains USENET group: “FAQ.” Web site: http://www.intac.com/~cdp/cptd-faq/. Frequently Asked Questions about DNS.

  2. Rowland, Craig. “Securing BIND.” Web site: http://www.psionic.com/papers/whitep01.html. Instructions on securing BIND on both OpenBSD and Red Hat Linux.

Some DNS-related RFCs (available at http://www.rfc-editor.org)

  • 1035 (general DNS specs)

  • 1183 (additional Resource Record specifications)

  • 2308 (Negative Caching)

  • 2136 (Dynamic Updates)

  • 1996 (DNS Notify)

  • 2535 (DNS Security Extensions)

Some DNS/BIND security advisories (available at http://www.cert.org)

  • CA-2002-15: “Denial-of-Service Vulnerability in ISC BIND 9”

  • CA-2000-03: “Continuing Compromises of DNS Servers”

  • CA-99-14: “Multiple Vulnerabilities in BIND”

  • CA-98.05: “Multiple Vulnerabilities in BIND”

  • CA-97.22: “BIND” (cache-poisoning)

BIND Resources

  1. Internet Software Consortium. “BIND Operator’s Guide” (“BOG”). Distributed separately from BIND 8 source code; current version downloadable from ftp://ftp.isc.org/isc/bind/src/8.3.3/bind-doc.tar.gz. The BOG is the most important and useful piece of official BIND 8 documentation.

  2. Internet Software Consortium. “BIND 9 Administrator Reference Manual.” Included with BIND 9 source-code distributions in the directory doc/arm, filename Bv9ARM.html. Also available in PDF format from http://www.nominum.com/content/documents/bind9arm.pdf ...
