13.5. djbdns

BIND can be very secure, with the proper precautions. Unfortunately, as BIND has grown, the number of supported features has grown as well. Consequently, most implementations of BIND ship with very few security precautions in place. If a DNS administrator is not familiar with the steps required to secure a DNS server, BIND can be an easy target for an attacker.

One solution is to use an alternative to BIND. The most commonly used alternative is djbdns. Named for its creator, Dan Bernstein, djbdns is a minimal DNS server. It was designed to be small and secure.

Djbdns improves security in several ways. Most of these security enhancements are also available in BIND, but they are not enabled by default. One of the primary security ...
