Network Security Hacks

by Andrew Lockhart
April 2004
Content level: Intermediate to advanced
320 pages
9h 10m
English
O'Reilly Media, Inc.
Content preview from Network Security Hacks

Secure BIND

Lock down your BIND setup to help contain potential security problems.

Due to BIND’s not-so-illustrious track record with regard to security, you’ll probably want to spend some time hardening your setup if you want to continue using it. One way to make running BIND a little safer is to run it inside a sandboxed environment. This is easy to do with recent versions of BIND, since it natively supports running as a nonprivileged user within a chroot( ) jail. All you need to do is set up the directory you’re going to have it chroot( ) to, and then change the command you’re using to start named to reflect this.

To begin, create a user and group to run named as (e.g., named). To prepare the sandboxed environment, you’ll need to create the appropriate directory structure. You can create the directories for such an environment within /named_chroot by running the following commands:

# mkdir /named_chroot
# cd /named_chroot
# mkdir -p dev etc/namedb/slave var/run

Next, you’ll need to copy your named.conf and namedb directory to the sandboxed environment:

# cp /etc/named.conf /named_chroot/etc
# cp -a /var/namedb/* /named_chroot/etc/namedb

This assumes that you store your zone files in /var/namedb. If you’re setting up BIND as a secondary DNS server, you will need to make the /named_chroot/etc/namedb/slave directory writable so that named can update the records it contains when it performs a domain transfer from the master DNS node. You can do this by running a command similar to the ...
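
Once the tree is populated, it is worth checking that the named account can write only where it has to. The audit script below is an added example, not code from the book; the function name audit_named_chroot is hypothetical, and it assumes named needs write access only to etc/namedb/slave (zone transfers, as described above) and var/run (its PID file).

```sh
#!/bin/sh
# Added example, not from the book: audit a BIND chroot tree for write
# access that the named account should not have.
# Assumption: named only needs to write under etc/namedb/slave and var/run;
# everything else should be root-owned and not group- or world-writable.

# audit_named_chroot ROOT USER
#   ROOT  chroot directory, e.g. /named_chroot
#   USER  account name or numeric UID that named runs as
# Prints one finding per line; returns 0 if clean, 1 otherwise.
audit_named_chroot() {
    root=${1%/}
    user=$2

    # Outside the two writable directories: flag anything owned by USER or
    # writable by group/other. Symlinks (always mode 777) and character
    # devices such as dev/null (normally mode 666) are skipped.
    loose=$(find "$root" \
        \( -path "$root/etc/namedb/slave" -o -path "$root/var/run" \) -prune -o \
        \( -user "$user" -o -perm -020 -o -perm -002 \) \
        ! -type l ! -type c -print | sed 's/^/unexpected-write: /')

    # Inside the writable directories: only USER should be able to write,
    # so flag anything world-writable.
    open=$(find "$root/etc/namedb/slave" "$root/var/run" \
        -perm -002 ! -type l -print 2>/dev/null | sed 's/^/world-writable: /')

    findings=$(printf '%s\n%s\n' "$loose" "$open" | sed '/^$/d')
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Run the audit when called as: sh audit.sh /named_chroot named
if [ "$#" -eq 2 ]; then
    audit_named_chroot "$1" "$2"
fi
```

A finding for etc/named.conf or etc/namedb means a compromised named process could rewrite its own configuration or master zone files from inside the jail.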

ISBN: 0596006438