[rescue] BIND 9 conf file example needed...
apotter at spankingnuns.com
Sun Dec 22 19:12:38 CST 2002
jp at celestrion.net said:
> You don't have to worry about that. DNS only gives you enough rope to
> hang yourself with--but not enough to hang all of us. :)
Um, DNS and BIND in particular can get you 0wn3d or worse (yes, it can get
worse) faster than anything else. It's not particularly HARD (IMNSHO) to
to set it up right and securely, and to keep it that way, particularly for
folks at the typical clue-level of folks on this list, but it doesn't come
out of the box that way.
> BTW, here's my config file:
I hope that's not ALL of your config file.
I would refer you and all other BINDers to the abundant resourses on BIND
security, and counsel you to pay attention to recursion (restricting it),
split DNS, ACLs, restricting zone transfers, etc.
 Worse than 0wned happens when the bad guy completely hax0rs your DNS,
and you find thaat YOUR domain is not on someone elses server. The someone
else is not typically a nice guy in this scenario.
More information about the rescue