Restricting zone transfers
DNS server can be attacked using various techniques such as:
[a] DNS spoofing
[b] Cache poisoning
[c] Registration hijacking
One of the simplest ways to defend is limit zone transfers between nameservers by defining ACL. I see many admin allows BIND to transfer zones in bulk outside their network or organization. There is no need to do this. Remember you don't have to make an attacker's life easier.
Restricting zone transfers with IP addresses in BIND DNS Server
(Submitted by nixCraft Mon Oct 15, 2007 )
Our content can be syndicated: Main page Mac Page
Copyright 1999-2005 Noel Davis. Noel also runs web sites about sailing and kayaking.
All trademarks are the property of their owners.
All articles are owned by their author