Complete.Org: Mailing Lists: Archives: linux-help: October 2000:
[linux-help] Re: Firewalls and bind
To: linux-help@xxxxxxxxx
Subject: [linux-help] Re: Firewalls and bind
From: Steven Saner <ssaner@xxxxxxxxxxxxxxx>
Date: Tue, 17 Oct 2000 23:40:42 -0500
Reply-to: linux-help@xxxxxxxxx

On Tue, Oct 17, 2000 at 10:19:27PM -0500, james l wrote:
> On Tue, 17 Oct 2000, you wrote:
> > Setting up bind as a caching-only name server is very simple.  The Debian
> > configuration allows for this with the default configuration script.  I
> > imagine RH or nearly any other distribution would do the same.  If not, you
> > can do it by hand very easily, too--just spend 5 minutes reading bind
> > documentation to see how :-)
> > 
> Already did.
> 
> > As for firewalling... Why bother? :-)  I'm not __aware__ of any security
> > issues with bind that would jeopardize your system.  Although I don't
> > necessarily keep up on all those issues.  Someone might be able to retrieve
> > cached information from your name server!! :-)
> > 
> > 
> 
> Because, I have heard that bind does have security issues. In fact, I have
> heard of some DNS servers that are explicitly designed to minimise the
> security risks.

bind has been known to have certain security issues in some of the
older versions. However, as long as you are running the newest version
of bind and keep up with the revisions, you should be fine. The thing
about firewalling is, unless I misunderstand what you are trying to
do, you have to allow information in from potentially any
authoritative DNS server on the Internet. What would a firewall help?
The place where you might want to put a DNS server behind a firewall
is where you want it to be authoritative for your own private,
non-registered domain, and don't want anything from the outside world to
get to it.


> James
> 
> btw, Yes that was another duplicated message. I used konqueror to send
> messages which launched kmail 1.94 which sent them while I was running 1.1.2,
> and raided its temp files (#s from kde version)
> 
> -- This is the linux-help@xxxxxxxxx list.  To unsubscribe,
> visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi

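As an added example (not part of the original message or of any poster's configuration): a minimal BIND 9 `named.conf` for the caching-only setup discussed in this thread, limiting queries and recursion to local clients so that outside hosts cannot read the cache. The ACL name, the addresses and the directory path are assumptions.

```conf
// Constructed example: caching-only resolver, BIND 9 syntax.
// No zones are defined, so the server is authoritative for nothing.

acl "trusted" {
    127.0.0.0/8;        // the resolver host itself
    192.168.1.0/24;     // assumed internal LAN
};

options {
    directory "/var/cache/bind";    // assumed path (Debian layout)

    // Recursion is what makes this a caching resolver.
    recursion yes;

    // Only local clients may query, recurse, or read cached answers.
    allow-query       { trusted; };
    allow-recursion   { trusted; };
    allow-query-cache { trusted; };

    // Do not listen on the Internet-facing interface at all.
    listen-on { 127.0.0.1; 192.168.1.1; };    // assumed internal address
};
```

`named-checkconf` validates the file's syntax before the server is restarted.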