
Chapter 3: The Domain Name System
If you have decided to use SUSE or Fedora instead of Debian, you can delete these
packages with your preferred method.
Now, let’s snip out some service scripts and restart inetd:
# update-inetd --remove daytime
# update-inetd --remove telnet
# update-inetd --remove time
# update-inetd --remove finger
# update-inetd --remove talk
# update-inetd --remove ntalk
# update-inetd --remove ftp
# update-inetd --remove discard
# /etc/init.d/inetd reload
To install BIND on your Debian server, run the command:
# apt-get install bind9
Debian will download the file and configure it as an Internet service. You will see the
following messages on your console:
Setting up bind9 (9.2.4-1)
Adding group `bind' (104)
Done.
Adding system user `bind'
Adding new user `bind' (104) with group `bind'.
Not creating home directory.
Starting domain name service: named.
Using a chroot Environment for Security
Many security administrators recommend running BIND as a non-root user in an isolated
directory called a chroot environment. This protects against the substantial
chance that a security flaw will be found in your version of BIND, potentially
enabling outsiders to attack the named daemon and gain access to your system. Even
if named is exploited, a chroot environment limits any damage that can be done to
name services.
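To confirm that this confinement is actually in effect, the following added example (not from the book) reads a process's /proc/<pid> directory on Linux and reports whether the process runs as a non-root user with a root directory other than /. The function names and the sample path /constructed/chroot/named are assumptions made for illustration; UID 104 is the bind user shown in the install messages above.

```sh
#!/bin/sh
# Added example (not from the book): check that a daemon such as named runs
# as a non-root user inside a chroot, using its /proc/<pid> directory.
# Run as root on a live system: check_confined "/proc/$(pidof named)"

# Prints "uid=<n> root=<dir>"; returns 0 only when the effective UID is
# non-zero AND the process root directory is not "/". Returns 2 on read errors.
check_confined() {
    procdir=$1
    [ -r "$procdir/status" ] || { echo "cannot read $procdir/status" >&2; return 2; }
    # "Uid:" line fields: real, effective, saved, filesystem UID.
    euid=$(awk '$1 == "Uid:" { print $3 }' "$procdir/status")
    # /proc/<pid>/root is a symlink to the root directory the process sees.
    root=$(readlink "$procdir/root") || { echo "cannot read $procdir/root" >&2; return 2; }
    echo "uid=$euid root=$root"
    [ -n "$euid" ] && [ "$euid" -ne 0 ] && [ "$root" != "/" ]
}

# Constructed stand-in for a /proc/<pid> directory so the check runs offline.
# Arguments: directory to create, effective UID, root path (all sample values).
make_fake_proc() {
    mkdir -p "$1"
    printf 'Name:\tnamed\nUid:\t%s\t%s\t%s\t%s\n' "$2" "$2" "$2" "$2" > "$1/status"
    ln -s "$3" "$1/root"
}

# Runs the check against three constructed cases and prints the verdicts.
demo() {
    tmp=$(mktemp -d)
    make_fake_proc "$tmp/chrooted" 104 /constructed/chroot/named  # bind user, chroot
    make_fake_proc "$tmp/plain"    104 /                          # bind user, no chroot
    make_fake_proc "$tmp/asroot"   0   /                          # root, no chroot
    for p in chrooted plain asroot; do
        if check_confined "$tmp/$p"; then echo "$p: confined"; else echo "$p: NOT confined"; fi
    done
    rm -rf "$tmp"
}
demo
```

Only the first constructed case passes: a process that has dropped root but still sees / as its root directory, or one that is chrooted but still runs as root, is reported as not confined.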
To put BIND in a chroot environment, you need to create a directory where ...