Security Portal: DNS Security - closing the b(l)inds
Sep 29, 1999, 14:08 UTC (1 Talkback[s]) (8049 reads) (Other stories by Kurt Seifried)
"DNS is one of the basic services that makes the Internet work, without it there would be no "sun.com" or "microsoft.com" or "securityportal.com". At one point the entire list of computers on the Internet fit easily into a single file (usually /etc/hosts) which was (and still is) a simple table of names and IP addresses..."
"DNS provides a "phonebook" of hosts on your network, and like any company phone directory, it is an invaluable resource for someone planning an attack. Additionally, many companies now rely on services (such as email, or web based commerce) that rely on DNS servers to provide information to customers so that they can find the servers. However, many DNS servers, and the information they provide, are woefully unprotected. Bind 8.x provides several facilities to control access to your DNS servers."
"The first step is to define ACLs (access control lists) in your named.conf file, and then to use the "allow-query" and "allow-transfer" directives to grant or revoke access to information that the DNS server provides. DNS servers typically provide two kinds of information, the most obvious being domains that they host, such as example.com. This service is usually critical, as without it internal machines can't find each other, and customers won't be able to find your web site, or email server. These domains usually contain a complete list of every piece of network attached equipment in your infrastructure (such as firewall-nt.example.com) that can give an attacker help when planning an assault on your network..."
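The following named.conf fragment is an added illustration of the ACL, "allow-query" and "allow-transfer" directives the excerpt describes; it is not taken from Seifried's article. The address ranges, the zone name and the file paths are constructed placeholders. The first block shows the open default (no access controls, so anyone can query the server and pull a full copy of the zone), and the second restricts queries on the server as a whole to internal hosts, keeps the public zone answerable by everyone, and limits zone transfers to a known secondary:

```conf
// --- Weak: no ACLs, no allow-query, no allow-transfer ---
// Every host on the Internet can query this server and request a full
// zone transfer (AXFR), i.e. download the complete "phonebook".
options {
    directory "/var/named";          // placeholder path
};

zone "example.com" {
    type master;
    file "example.com.zone";         // placeholder file name
};

// --- Hardened: ACLs plus allow-query / allow-transfer ---
// Named ACLs defined once, then referenced in options and zone statements.
acl "internal"    { 127.0.0.1; 192.168.1.0/24; };   // constructed internal ranges
acl "secondaries" { 192.0.2.53; };                  // constructed secondary NS address

options {
    directory "/var/named";          // placeholder path
    // Server-wide default: only internal hosts may query (this covers
    // recursion for internal clients and any zones not overridden below).
    allow-query    { "internal"; };
    // Server-wide default: zone transfers only to the listed secondary.
    allow-transfer { "secondaries"; };
};

zone "example.com" {
    type master;
    file "example.com.zone";         // placeholder file name
    // The public zone must be resolvable by customers, so override the
    // server-wide query restriction here, but keep transfers locked down.
    allow-query    { any; };
    allow-transfer { "secondaries"; };
};

zone "internal.example.com" {
    type master;
    file "internal.example.com.zone";  // placeholder file name
    // Inherits allow-query { "internal"; } and allow-transfer { "secondaries"; }
    // from options, so outside hosts get REFUSED for both queries and AXFR.
};
```

The same statements are accepted unchanged by BIND 9, so the fragment also serves as a template on current servers. After reloading, verify the policy from a host that is not in "secondaries" by requesting a transfer of your own zone (for example `dig @<your-server> example.com axfr`): a correctly configured server answers with a transfer failure rather than the zone contents, and the refusal is logged by named, which is a useful signal to watch for.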