[rescue] BIND 9 conf file example needed...

Al Potter apotter at spankingnuns.com
Sun Dec 22 19:12:38 CST 2002

jp at celestrion.net said:
> You don't have to worry about that.  DNS only gives you enough rope to
> hang yourself with--but not enough to hang all of us. :)

Um, DNS and BIND in particular can get you 0wn3d or worse (yes, it can get 
worse[1]) faster than anything else.  It's not particularly HARD (IMNSHO) to 
set it up right and securely, and to keep it that way, particularly for 
folks at the typical clue-level of folks on this list, but it doesn't come 
out of the box that way.

> BTW, here's my config file:

I hope that's not ALL of your config file.

I would refer you and all other BINDers to the abundant resources on BIND 
security, and counsel you to pay attention to recursion (restricting it), 
split DNS, ACLs, restricting zone transfers, etc.

[1] Worse than 0wned happens when the bad guy completely hax0rs your DNS, 
and you find that YOUR domain is not on someone else's server.  The someone 
else is not typically a nice guy in this scenario.
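
The hardening points named in the message above (restricted recursion, split DNS, ACLs, restricted zone transfers), sketched as a BIND 9 named.conf fragment. This is an added example, not part of the original post or anyone's real configuration; the addresses are documentation ranges, and example.com, the ACL names, the directory and the zone file paths are all assumptions.

```conf
// Constructed example: addresses are documentation ranges, names are placeholders.
acl "trusted"     { 127.0.0.1; 192.0.2.0/24; };  // internal clients (assumed range)
acl "secondaries" { 198.51.100.53; };            // secondary name server (assumed)

options {
    directory "/var/named";      // assumed path
    version "not disclosed";     // do not advertise the BIND version string
    allow-transfer { none; };    // default: no zone transfers to anyone
};

// Split DNS: trusted clients get recursion and the internal copy of the zone.
view "internal" {
    match-clients { "trusted"; };
    recursion yes;

    zone "example.com" {
        type master;
        file "internal/example.com.db";   // assumed file name
        allow-transfer { none; };         // internal data never leaves this server
    };
};

// Everyone else gets authoritative answers only, with no recursion.
view "external" {
    match-clients { any; };
    recursion no;

    zone "example.com" {
        type master;
        file "external/example.com.db";   // assumed file name
        allow-transfer { "secondaries"; }; // only the listed secondary may AXFR
    };
};
```

Views are matched in order, so the internal view must come first. Running named-checkconf on the file catches syntax errors before named is reloaded.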



