“This paper presents the risks posed by an insecure DNS
server and walks through compiling, installing, configuring and
optionally, chroot’ing BIND 8. The test environment is Solaris
2.5, 2.6, 7 and 8. Many configuration and troubleshooting tips are
provided, along with up-to-date references on BIND and alternatives
for NT, Linux and Solaris.”
“BIND (the Berkeley Internet Name Domain) 1 is the most
frequently used DNS server, maintained by the ISC. It is also known
as “named,” since this is the name of the actual daemon itself.
BIND has a long history, is a core tool for most Internet sites and
is currently at V8.”
“As with many applications exposed to the increasingly hostile
Internet environment, security weaknesses have been discovered in
BIND.”
“So what, you say? Yet another program with security problems?
There are so many problems in so many applications these days, it’s
just not possible to keep up with all these advisories and patches.
Do we really have to worry about DNS too? Well, a compromised DNS
server can pose some interesting risks….”