On Wed, 2003-09-03 at 10:26, Benjamin J. Weiss wrote:
> > However, the local caching nameserver could be an appropriate solution
> > iff the ISP is continuously negligent of DNS service problems and Marc
> > invests the time to learn how to properly secure such a service.
>
> As a person who is standing up a linux DNS (yes, it's necessary), I just
> want to double check: The only three ways that *I* know of to secure DNS is
> (1) to ensure that I'm running the latest version from RedHat via up2date,
> (2) to have it run as the 'named' user instead of as root, and (3) to chroot
> jail the process.
>
> Am I missing anything here?

(4) Don't run Bind DNS. djbdns is a very secure alternative from D.J. Bernstein, the same guy that brought us qmail.

(5) Other OS-tightening methods that aren't DNS-specific and too numerous to mention here.

--
Jason Dixon, RHCE
DixonGroup Consulting
http://www.dixongroup.net