
This is the Title of the Book, eMatter Edition
Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
Securing BIND
|
191
prevent bandwidth cluttering. The TTL determines how long individual zone’s RRs
may remain in the caches of other nameservers who retrieve them via queries.
Our other concerns in this zone file have to do with minimizing the unnecessary
disclosure of information. First, we want to minimize address records (A records)
and aliases (CNAME records) in general, so that only those hosts who need to be are
present.
We need to use Responsible Person (RP) and TXT records judiciously, if at all, but
we must never ever put any meaningful data into an HINFO record. HINFO is a sou-
venir of simpler times: HINFO records are used to state the operating system, its ver-
sion, and even hardware configuration of the hosts to which they refer.
Back in the days when a large percentage of Internet nodes were in academic institu-
tions and other open environments (and when computers were exotic and new), it
seemed reasonable to advertise this information to one’s users. Nowadays, HINFO
has no valid use on public servers other than obfuscation (i.e., intentionally provid-
ing false information to would-be attackers). In short, don’t use HINFO records!
RP is used to provide the email address of someone who administers the domain. It’s
best to set this to as uninteresting an address as possible—e.g., ...