Security Portal: Hardening the BIND DNS ServerOct 02, 2000, 08:06 (4 Talkback[s])
"This paper presents the risks posed by an insecure DNS server and walks through compiling, installing, configuring and optionally, chroot'ing BIND 8. The test environment is Solaris 2.5, 2.6, 7 and 8. Many configuration and troubleshooting tips are provided, along with up-to-date references on BIND and alternatives for NT, Linux and Solaris."
"BIND (the Berkeley Internet Name Domain) 1 is the most frequently used DNS server, maintained by the ISC. It is also known as "named," since this is the name of the actual daemon itself. BIND has a long history, is a core tool for most Internet sites and is currently at V8."
"As with many applications exposed to the increasingly hostile Internet environment, security weaknesses have been discovered in BIND."
"So what, you say? Yet another program with security problems? There are so many problems in so many applications these days, it's just not possible to keep up with all these advisories and patches. Do we really have to worry about DNS too? Well, a compromised DNS server can pose some interesting risks...."