
Re: Paranoid question regarding Bind



Make sure that both your bind daemons run in a different chroot'ed
environment. That helps security a lot. If a bad cracker compromises
your daemon he won't have much to show for it ;)

/marco

----- Original Message -----
From: "Rémi Guyomarch" <rguyom@pobox.com>
To: <misc@openbsd.org>
Sent: Wednesday, October 31, 2001 10:46 AM
Subject: Re: Paranoid question regarding Bind


On Wed, Oct 31, 2001 at 10:11:33AM -0600, Gunnar Wolf wrote:
> Hi,
>
> I ran Nessus today against one of my servers, and found out one thing
> that worried me:
>
> > . Warning found on port domain (53/tcp)
> >
> >    The remote name server allows recursive queries to be performed
> >    by the host running nessusd.

I fixed this by using two nameservers. One external and one internal.

On the external one, I put:
options         no-recursion
in "/var/named/named.boot".

--
Rémi
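
An added example, not part of the original thread: one way to confirm from outside that the external nameserver no longer offers recursion is to send a query with the RD bit set and inspect the RA bit and response code of the reply. The function names, the name example.com and the sample packets are assumptions constructed for illustration.

```python
import socket
import struct

QR, RD, RA, REFUSED = 0x8000, 0x0100, 0x0080, 5

def build_query(name, qid=0x1234, qtype=1):
    """DNS query for `name` (type A by default) with the RD bit set."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def classify_response(packet, qid=0x1234):
    """Return 'recursion-offered', 'recursion-refused' or 'invalid'."""
    if len(packet) < 12:
        return "invalid"
    rid, flags = struct.unpack("!HH", packet[:4])
    if rid != qid or not flags & QR:
        return "invalid"            # wrong transaction ID or not a response
    if flags & RA and (flags & 0x000F) != REFUSED:
        return "recursion-offered"  # server will recurse for this client
    return "recursion-refused"      # RA clear (e.g. no-recursion) or REFUSED

def probe(server, name, timeout=3.0):
    """Send one UDP query to `server` and classify the reply (needs network)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return classify_response(s.recv(512))

# Constructed sample replies: header flags plus the echoed question section.
_Q = build_query("example.com")
def _reply(flags):
    return struct.pack("!HH", 0x1234, flags) + _Q[4:]

OPEN_RESOLVER = _reply(QR | RD | RA)            # answers recursively
NO_RECURSION  = _reply(QR | RD)                 # RA clear: referral only
ACL_REFUSED   = _reply(QR | RD | RA | REFUSED)  # recursion limited by ACL

if __name__ == "__main__":
    for label, pkt in [("open", OPEN_RESOLVER), ("no-recursion", NO_RECURSION),
                       ("refused", ACL_REFUSED)]:
        print(label, "->", classify_response(pkt))
```

To test a live server, call probe() against your own external nameserver from a host outside your network, using a name the server is not authoritative for.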