Re: Protecting bind from DNS cache poisoning!!!

2010-08-09 Thread Tony Finch
On Mon, 9 Aug 2010, Shiva Raman wrote:
> I tried implementing dnssec using the following document
> http://blog.dustintrammell.com/2008/08/01/configuring-dnssec-in-bind/

That is rather out of date: it does not cover some important BIND-9.7 DNSSEC validation features, specifically RFC 5011 autom

Re: Protecting bind from DNS cache poisoning!!!

2010-08-09 Thread Matus UHLAR - fantomas
Allow bind to use as wide a range of port numbers as possible for UDP traffic. >> >> On 09.08.10 17:14, Shiva Raman wrote: >>> Yes this is allowed in the firewall. >> >> note that bind also should not have "port" portion in query-source statement. On 09.08.10 14:08, Wolfgang Solfrank wrot

Re: Protecting bind from DNS cache poisoning!!!

2010-08-09 Thread Torsten
On Mon, 09 Aug 2010 14:08:26 +0200, Wolfgang Solfrank wrote: > >>> Allow bind to use as wide a range of port numbers as possible for > >>> UDP traffic. > > > > On 09.08.10 17:14, Shiva Raman wrote: > >> Yes this is allowed in the firewall. > > > > note that bind also should not have "port" potio

Re: Protecting bind from DNS cache poisoning!!!

2010-08-09 Thread Wolfgang Solfrank
Allow bind to use as wide a range of port numbers as possible for UDP traffic. On 09.08.10 17:14, Shiva Raman wrote: Yes this is allowed in the firewall. note that bind also should not have "port" portion in query-source statement. In addition, be careful with the use of NAT on your firewal

Re: Protecting bind from DNS cache poisoning!!!

2010-08-09 Thread Matus UHLAR - fantomas
> >Allow bind to use as wide a range of port numbers as possible for UDP > >traffic. On 09.08.10 17:14, Shiva Raman wrote: > Yes this is allowed in the firewall. note that bind also should not have "port" portion in query-source statement. > > Make sure your firewalls don't do daft things like fo

Re: Protecting bind from DNS cache poisoning!!!

2010-08-09 Thread Shiva Raman
Hi

Thanks for your valuable suggestions

> Run an up-to-date version of bind. Be fanatical about applying security
> patches promptly.

Yes, I am running the latest version Bind-9.7.1-P2.

> Don't allow recursion /at all/ for queries from the general public to
> your authoritative servers, nor permit

Re: Protecting bind from DNS cache poisoning!!!

2010-08-08 Thread Matthew Seaman
On 08/08/2010 11:29:52, Shiva Raman wrote:
> I am running Bind caching and bind authoritative servers with current
> 9.7 version. I would like
> to know the steps to be followed to protect bind from DNS Cache poisoning.
> The bind DNS server
> is running behind the firewall which allows onl

Protecting bind from DNS cache poisoning!!!

2010-08-08 Thread Shiva Raman
Dear All, I am running Bind caching and bind authoritative servers with current 9.7 version. I would like to know the steps to be followed to protect bind from DNS Cache poisoning. The bind DNS server is running behind the firewall which allows only DNS queries. Kindly share your views.