Tidbits | Jan. 5, 2006

DNS & BIND Security

by Frank Wiles

Understanding DNS is hard. REALLY HARD. It takes most people several years of running a DNS server on the public Internet before they really become comfortable with all of the various nuances. I've been doing it for many years and I even make silly mistakes sometimes.

A recent study of DNS server configurations found that 20% had security holes and nearly 70% were improperly configured in some respect or another. I shouldn't be surprised by this, but deep down part of me is surprised these numbers are quite so high. I really recommend, if you can, having someone else run your DNS for you. If you aren't comfortable with it, there is no reason to put yourself through the trouble of getting everything set up properly. However, if you do need or want to run your own DNS server, I highly recommend the DNS & BIND book from O'Reilly. It covers everything you will need to know and then some.

If you do run your own DNS, I suggest you have someone who is very familiar with DNS verify that your configuration is accurate and secure, to help ensure nothing bad happens to you.
