13.2. A Secure BIND Installation

The discussion of DNS has largely focused on theoretical information to this point. It is time to shift to more practical aspects of DNS security; in particular, the focus will be on securing a BIND installation.

BIND is the software that allows DNS to function for most of the Internet; in fact, BIND servers handle more than 90 percent of all DNS queries on the Internet. BIND is incredibly robust. Many of the root name servers use BIND, and they are answering more than 200 million queries a day.

BIND was first developed in 1983 at the University of California-Berkeley as a way to handle DNS queries. Over the years the ownership of BIND has moved from organization to organization. Currently, the Internet Software ...

Get The Practice of Network Security: Deployment Strategies for Production Environments now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.