1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews<HTML
7a272c6b0de3b8c0ad018b9896e287da19c43befAutomatic Updater><HEAD
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><TITLE
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>BIND 9 Security Considerations</TITLE
ec5347e2c775f027573ce5648b910361aa926c01Automatic Updater><META
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsNAME="GENERATOR"
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCONTENT="Modular DocBook HTML Stylesheet Version 1.61
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews"><LINK
dafcb997e390efa4423883dafd100c975c4095d6Mark AndrewsREL="HOME"
dafcb997e390efa4423883dafd100c975c4095d6Mark AndrewsTITLE="BIND 9 Administrator Reference Manual"
dafcb997e390efa4423883dafd100c975c4095d6Mark AndrewsHREF="Bv9ARM.html"><LINK
dafcb997e390efa4423883dafd100c975c4095d6Mark AndrewsREL="PREVIOUS"
dafcb997e390efa4423883dafd100c975c4095d6Mark AndrewsTITLE="BIND 9 Configuration Reference"
dafcb997e390efa4423883dafd100c975c4095d6Mark AndrewsHREF="Bv9ARM.ch06.html"><LINK
dafcb997e390efa4423883dafd100c975c4095d6Mark AndrewsREL="NEXT"
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsTITLE="Troubleshooting"
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsHREF="Bv9ARM.ch08.html"></HEAD
7a272c6b0de3b8c0ad018b9896e287da19c43befAutomatic Updater><BODY
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="chapter"
ab023a65562e62b85a824509d829b6fad87e00b1Rob AusteinBGCOLOR="#FFFFFF"
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsTEXT="#000000"
7a272c6b0de3b8c0ad018b9896e287da19c43befAutomatic UpdaterLINK="#0000FF"
ab023a65562e62b85a824509d829b6fad87e00b1Rob AusteinVLINK="#840084"
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsALINK="#0000FF"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><DIV
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="NAVHEADER"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><TABLE
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsWIDTH="100%"
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsBORDER="0"
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCELLPADDING="0"
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCELLSPACING="0"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><TR
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><TH
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCOLSPAN="3"
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsALIGN="center"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>BIND 9 Administrator Reference Manual</TH
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews></TR
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><TR
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><TD
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsWIDTH="10%"
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsALIGN="left"
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsVALIGN="bottom"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><A
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsHREF="Bv9ARM.ch06.html"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>Prev</A
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews></TD
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><TD
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsWIDTH="80%"
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsALIGN="center"
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsVALIGN="bottom"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews></TD
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><TD
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsWIDTH="10%"
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsALIGN="right"
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsVALIGN="bottom"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><A
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsHREF="Bv9ARM.ch08.html"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>Next</A
a8f061d5c61bbdbe922cbb0adb70ae81770b52cbMark Andrews></TD
a8f061d5c61bbdbe922cbb0adb70ae81770b52cbMark Andrews></TR
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews></TABLE
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><HR
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsALIGN="LEFT"
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsWIDTH="100%"></DIV
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><DIV
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="chapter"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><H1
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><A
d19fc9d988171a1a7ff87d200b86c9aa657aa3beMark AndrewsNAME="ch07"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>Chapter 7. <SPAN
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="acronym"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>BIND</SPAN
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews> 9 Security Considerations</A
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews></H1
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein><DIV
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="TOC"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><DL
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><DT
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><B
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein>Table of Contents</B
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein></DT
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><DT
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>7.1. <A
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsHREF="Bv9ARM.ch07.html#Access_Control_Lists"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>Access Control Lists</A
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews></DT
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein><DT
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>7.2. <A
ab023a65562e62b85a824509d829b6fad87e00b1Rob AusteinHREF="Bv9ARM.ch07.html#AEN4165"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><B
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="command"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>chroot</B
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews> and <B
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="command"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>setuid</B
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein> (for
ab023a65562e62b85a824509d829b6fad87e00b1Rob AusteinUNIX servers)</A
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein></DT
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein><DT
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>7.3. <A
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsHREF="Bv9ARM.ch07.html#dynamic_update_security"
be2c2c29a88db96bd51f11d671ec207f0b6b0d45Mark Andrews>Dynamic Update Security</A
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews></DT
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews></DL
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews></DIV
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><DIV
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="sect1"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><H1
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="sect1"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><A
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsNAME="Access_Control_Lists"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>7.1. Access Control Lists</A
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews></H1
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><P
>Access Control Lists (ACLs) are address match lists that
you can set up and nickname for future use in <B
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="command"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>allow-notify</B
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>,
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews<B
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="command"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>allow-query</B
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>, <B
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="command"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>allow-recursion</B
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>,
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews<B
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="command"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>blackhole</B
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>, <B
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="command"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>allow-transfer</B
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>,
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrewsetc.</P
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><P
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>Using ACLs allows you to have finer control over who can access
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrewsyour nameserver, without cluttering up your config files with huge
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrewslists of IP addresses.</P
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><P
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>It is a <I
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="emphasis"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>good idea</I
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews> to use ACLs, and to
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrewscontrol access to your server. Limiting access to your server by
18d0b5e54be891a1aa938c165b6d439859121ec8Mark Andrewsoutside parties can help prevent spoofing and DoS attacks against
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrewsyour server.</P
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><P
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>Here is an example of how to properly apply ACLs:</P
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><PRE
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="programlisting"
>&#13;// Set up an ACL named "bogusnets" that will block RFC1918 space and other
// ranges that should never appear as source addresses, which are commonly used
// in spoofing attacks.  Address allocations change over time, so verify such a
// list against current allocations before deploying it.
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrewsacl bogusnets { 0.0.0.0/8; 1.0.0.0/8; 2.0.0.0/8; 192.0.2.0/24; 224.0.0.0/3; 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16; };
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews// Set up an ACL called our-nets. Replace this with the real IP numbers.
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrewsacl our-nets { x.x.x.x/24; x.x.x.x/21; };
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrewsoptions {
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews ...
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews ...
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews allow-query { our-nets; };
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews allow-recursion { our-nets; };
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews ...
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews blackhole { bogusnets; };
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews ...
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews};
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrewszone "example.com" {
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews type master;
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews file "m/example.com";
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews allow-query { any; };
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews};
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews</PRE
18d0b5e54be891a1aa938c165b6d439859121ec8Mark Andrews><P
>This allows queries for the example.com zone from any address, because the
zone-level <B
CLASS="command"
>allow-query</B
> overrides the global one, while recursive queries remain limited to
our-nets unless recursion has been previously disabled.</P
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><P
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>For more information on how to use ACLs to protect your server,
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrewssee the <I
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="emphasis"
18d0b5e54be891a1aa938c165b6d439859121ec8Mark Andrews>AUSCERT</I
18d0b5e54be891a1aa938c165b6d439859121ec8Mark Andrews> advisory at
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews<A
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsHREF="ftp://ftp.auscert.org.au/pub/auscert/advisory/AL-1999.004.dns_dos"
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsTARGET="_top"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>ftp://ftp.auscert.org.au/pub/auscert/advisory/AL-1999.004.dns_dos</A
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews></P
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews></DIV
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><DIV
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="sect1"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><H1
18d0b5e54be891a1aa938c165b6d439859121ec8Mark AndrewsCLASS="sect1"
18d0b5e54be891a1aa938c165b6d439859121ec8Mark Andrews><A
18d0b5e54be891a1aa938c165b6d439859121ec8Mark AndrewsNAME="AEN4165"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>7.2. <B
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="command"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>chroot</B
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews> and <B
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="command"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>setuid</B
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews> (for
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsUNIX servers)</A
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews></H1
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><P
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>On UNIX servers, it is possible to run <SPAN
18d0b5e54be891a1aa938c165b6d439859121ec8Mark AndrewsCLASS="acronym"
18d0b5e54be891a1aa938c165b6d439859121ec8Mark Andrews>BIND</SPAN
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews> in a <I
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="emphasis"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>chrooted</I
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews> environment
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews(<B
18d0b5e54be891a1aa938c165b6d439859121ec8Mark AndrewsCLASS="command"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>chroot()</B
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>) by specifying the "<TT
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="option"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>-t</TT
be2c2c29a88db96bd51f11d671ec207f0b6b0d45Mark Andrews>"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrewsoption. This can help improve system security by placing <SPAN
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="acronym"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>BIND</SPAN
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews> in
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrewsa "sandbox," which will limit the damage done if a server is compromised.</P
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><P
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>Another useful feature in the UNIX version of <SPAN
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="acronym"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>BIND</SPAN
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews> is the
ability to run the daemon as a nonprivileged user (<TT
CLASS="option"
>-u</TT
> <TT
CLASS="replaceable"
><I
>user</I
></TT
>).
We suggest running as a nonprivileged user when using the <B
CLASS="command"
>chroot</B
> feature, since a process that keeps root privileges inside a chroot
can generally escape from it.</P
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><P
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>Here is an example command line to load <SPAN
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="acronym"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>BIND</SPAN
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews> in a <B
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="command"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>chroot()</B
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews> sandbox,
7a272c6b0de3b8c0ad018b9896e287da19c43befAutomatic Updater<B
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="command"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>/var/named</B
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>, and to run <B
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="command"
3f40de5598aaf9fa1aa90d6eb82350152bc66ec8Mark Andrews>named</B
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews> <B
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="command"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>setuid</B
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews> to
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrewsuser 202:</P
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><P
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><TT
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="userinput"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><B
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>/usr/local/bin/named -u 202 -t /var/named</B
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews></TT
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews></P
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><DIV
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="sect2"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><H2
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="sect2"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><A
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsNAME="AEN4188"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>7.2.1. The <B
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="command"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>chroot</B
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews> Environment</A
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews></H2
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><P
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>In order for a <B
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="command"
7a272c6b0de3b8c0ad018b9896e287da19c43befAutomatic Updater>chroot()</B
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews> environment to
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrewswork properly in a particular directory
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews(for example, <TT
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="filename"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>/var/named</TT
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>),
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrewsyou will need to set up an environment that includes everything
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews<SPAN
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="acronym"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>BIND</SPAN
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews> needs to run.
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsFrom <SPAN
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="acronym"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>BIND</SPAN
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>'s point of view, <TT
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="filename"
5d7849ad7ffc6d08870dbfbc8d6bfffd90007488Tatuya JINMEI 神明達哉>/var/named</TT
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews> is
the root of the filesystem. You will need to adjust the values of options
like <B
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="command"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>directory</B
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews> and <B
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="command"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>pid-file</B
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews> to account
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrewsfor this.
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews</P
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><P
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>&#13;Unlike with earlier versions of BIND, you will typically
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews<I
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="emphasis"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>not</I
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews> need to compile <B
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="command"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>named</B
5d7849ad7ffc6d08870dbfbc8d6bfffd90007488Tatuya JINMEI 神明達哉>
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrewsstatically nor install shared libraries under the new root.
5d7849ad7ffc6d08870dbfbc8d6bfffd90007488Tatuya JINMEI 神明達哉However, depending on your operating system, you may need
5d7849ad7ffc6d08870dbfbc8d6bfffd90007488Tatuya JINMEI 神明達哉to set up things like
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews<TT
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="filename"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>/dev/zero</TT
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>,
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews<TT
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="filename"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>/dev/random</TT
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>,
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews<TT
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="filename"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>/dev/log</TT
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>, and/or
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews<TT
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="filename"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>/etc/localtime</TT
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>.
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews</P
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews></DIV
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><DIV
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="sect2"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><H2
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="sect2"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><A
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsNAME="AEN4206"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>7.2.2. Using the <B
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="command"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>setuid</B
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews> Function</A
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews></H2
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><P
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>Prior to running the <B
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="command"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>named</B
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews> daemon, use
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrewsthe <B
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="command"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>touch</B
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews> utility (to change file access and
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrewsmodification times) or the <B
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="command"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>chown</B
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews> utility (to
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrewsset the user id and/or group id) on files
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrewsto which you want <SPAN
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="acronym"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>BIND</SPAN
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrewsto write. Note that if the <B
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="command"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>named</B
> daemon is running as a
nonprivileged user, it will not be able to bind to new restricted (privileged)
ports if the server is reloaded, because those ports can only be bound while
the daemon still has root privileges.</P
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews></DIV
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews></DIV
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><DIV
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="sect1"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><H1
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="sect1"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><A
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsNAME="dynamic_update_security"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>7.3. Dynamic Update Security</A
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews></H1
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews><P
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>Access to the dynamic
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrewsupdate facility should be strictly limited. In earlier versions of
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews<SPAN
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="acronym"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>BIND</SPAN
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews> the only way to do this was based on the IP
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrewsaddress of the host requesting the update, by listing an IP address or
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrewsnetwork prefix in the <B
1e107b3d7b54de5022c3328423164e533afcc15eMark AndrewsCLASS="command"
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews>allow-update</B
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrews> zone option.
This method is insecure since the source address of the update UDP packet
is easily forged. Also note that if the IP addresses allowed by the
<B
CLASS="command"
>allow-update</B
> option include the address of a slave
server which performs forwarding of dynamic updates, the master can be
trivially attacked by sending the update to the slave, which will
forward it to the master with its own source IP address causing the
master to approve it without question.</P
><P
>For these reasons, we strongly recommend that updates be
cryptographically authenticated by means of transaction signatures
(TSIG). That is, the <B
CLASS="command"
>allow-update</B
> option should
list only TSIG key names, not IP addresses or network
prefixes. Alternatively, the new <B
CLASS="command"
>update-policy</B
>
option can be used.</P
><P
>Some sites choose to keep all dynamically updated DNS data
in a subdomain and delegate that subdomain to a separate zone. This
way, the top-level zone containing critical data such as the IP addresses
of public web and mail servers need not allow dynamic update at
all.</P
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="Bv9ARM.ch06.html"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="Bv9ARM.html"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="Bv9ARM.ch08.html"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><SPAN
CLASS="acronym"
>BIND</SPAN
> 9 Configuration Reference</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
>&nbsp;</TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Troubleshooting</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>