Tumblelog by Soup.io
Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.

January 09 2011

October 05 2010

Secure BIND Template v7.1 14 May 2009 TEAM CYMRU noc@cymru.com

The ubiquitous BIND (Berkeley Internet Name Domain) server is distributed with most UNIX variants and provides name services to countless networks. However, the BIND server is not without certain vulnerabilities, and is often a choice target for Internet vandals. These vandals utilize BIND vulnerabilities to gain root access to the host or to turn the host into a launching platform for DDOS attacks. An improper or insufficiently robust BIND configuration can also "leak" information about the hosts and addressing within the intranet. Miscreants can also take advantage of an insecure BIND configuration and poison the cache, thus permitting host impersonation and redirecting legitimate traffic to black holes or malicious hosts. This article presents a template for deploying a secure BIND configuration, thus mitigating some of the risk of running the BIND server.

Garnser: How to enable BIND with DNSSEC and Secure Dynamic Update using SIG(0)

For the last couple of days I've been struggling trying to figure out how to get DNSSEC with SDU (Secure Dynamic updates) to work using SIG(0) keys. I was almost at the edge of giving up when a colleague of mine proposed to try it out in RHEL 5.1 and file a bug report to RedHat, and so I did only to get the surprise that it worked perfectly fine.
Tags: dnssec bind howto

April 14 2010

wm161.net » Blog Archive » Bind and Zeroconf

Zeroconf is just that. It is networking with zero configuration. DNS and DHCP are all managed by each network’s node in a distributed fashion. But beyond that, each node advertises services it has available. A realistic use of this neat idea is my printer. I have a HP photosmart scanner/inkjet combo that uses Zeroconf to advertise itself to the network. If I had a Mac, I wouldn’t have to do anything special to print to it other than plugging it in. The machine already knows there is a printer around because the printer advertised it.
Older posts are this way If this message doesn't go away, click anywhere on the page to continue loading posts.
Could not load more posts
Maybe Soup is currently being updated? I'll try again automatically in a few seconds...
Just a second, loading more posts...
You've reached the end.

Don't be the product, buy the product!