Bv9ARM.ch07.html revision 575e532437cf7f203707765e21767db92fa1e480
689023771c563d8660e45d439a207e06e96de28fMark Andrews<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
689023771c563d8660e45d439a207e06e96de28fMark Andrews>BIND 9 Security Considerations</TITLE
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNAME="GENERATOR"
689023771c563d8660e45d439a207e06e96de28fMark AndrewsCONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinTITLE="BIND 9 Administrator Reference Manual"
689023771c563d8660e45d439a207e06e96de28fMark AndrewsREL="PREVIOUS"
689023771c563d8660e45d439a207e06e96de28fMark AndrewsTITLE="BIND 9 Configuration Reference"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinTITLE="Troubleshooting"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="chapter"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinBGCOLOR="#FFFFFF"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinTEXT="#000000"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinLINK="#0000FF"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVLINK="#840084"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinALINK="#0000FF"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="NAVHEADER"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinSUMMARY="Header navigation table"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCELLPADDING="0"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCELLSPACING="0"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinALIGN="center"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>BIND 9 Administrator Reference Manual</TH
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="bottom"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinACCESSKEY="P"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinALIGN="center"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="bottom"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinALIGN="right"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinVALIGN="bottom"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinACCESSKEY="N"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="chapter"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Chapter 7. <ACRONYM
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>BIND</ACRONYM
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> 9 Security Considerations</H1
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Table of Contents</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinHREF="Bv9ARM.ch07.html#Access_Control_Lists"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Access Control Lists</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinUNIX servers)</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinHREF="Bv9ARM.ch07.html#dynamic_update_security"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Dynamic Update Security</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect1"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect1"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNAME="Access_Control_Lists"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>7.1. Access Control Lists</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Access Control Lists (ACLs), are address match lists that
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinyou can set up and nickname for future use in <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>allow-notify</B
4f6469885c3d66367e3f8fb94e1f3c66115990b0Mark AndrewsCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>allow-query</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>allow-recursion</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>blackhole</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>allow-transfer</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Using ACLs allows you to have finer control over who can access
4f6469885c3d66367e3f8fb94e1f3c66115990b0Mark Andrewsyour name server, without cluttering up your config files with huge
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinlists of IP addresses.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>It is a <SPAN
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="emphasis"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="emphasis"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>good idea</I
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> to use ACLs, and to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeincontrol access to your server. Limiting access to your server by
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinoutside parties can help prevent spoofing and DoS attacks against
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinyour server.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Here is an example of how to properly apply ACLs:</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="programlisting"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> // Set up an ACL named "bogusnets" that will block RFC1918 space,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein// which is commonly used in spoofing attacks.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinacl bogusnets { 0.0.0.0/8; 1.0.0.0/8; 2.0.0.0/8; 192.0.2.0/24; 224.0.0.0/3; 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16; };
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein// Set up an ACL called our-nets. Replace this with the real IP numbers.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein allow-query { our-nets; };
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein allow-recursion { our-nets; };
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein blackhole { bogusnets; };
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein type master;
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein allow-query { any; };
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>This allows recursive queries of the server from the outside
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinunless recursion has been previously disabled.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>For more information on how to use ACLs to protect your server,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinsee the <SPAN
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="emphasis"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="emphasis"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> advisory at
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinHREF="ftp://ftp.auscert.org.au/pub/auscert/advisory/AL-1999.004.dns_dos"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinTARGET="_top"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>ftp://ftp.auscert.org.au/pub/auscert/advisory/AL-1999.004.dns_dos</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect1"
689023771c563d8660e45d439a207e06e96de28fMark AndrewsCLASS="sect1"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNAME="AEN4741"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinUNIX servers)</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>On UNIX servers, it is possible to run <ACRONYM
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>BIND</ACRONYM
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="emphasis"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="emphasis"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> environment
689023771c563d8660e45d439a207e06e96de28fMark AndrewsCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>) by specifying the "<VAR
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="option"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinoption. This can help improve system security by placing <ACRONYM
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>BIND</ACRONYM
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeina "sandbox", which will limit the damage done if a server is compromised.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Another useful feature in the UNIX version of <ACRONYM
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>BIND</ACRONYM
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinability to run the daemon as an unprivileged user ( <VAR
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="option"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="replaceable"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinWe suggest running as an unprivileged user when using the <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> feature.</P
689023771c563d8660e45d439a207e06e96de28fMark Andrews>Here is an example command line to load <ACRONYM
4f6469885c3d66367e3f8fb94e1f3c66115990b0Mark AndrewsCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>BIND</ACRONYM
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>, and to run <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="userinput"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect2"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect2"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNAME="AEN4764"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>7.2.1. The <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> Environment</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>In order for a <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> environment to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinwork properly in a particular directory
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein(for example, <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="filename"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinyou will need to set up an environment that includes everything
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>BIND</ACRONYM
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> needs to run.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinFrom <ACRONYM
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>BIND</ACRONYM
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>'s point of view, <TT
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="filename"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinthe root of the filesystem. You will need to adjust the values of options like
689023771c563d8660e45d439a207e06e96de28fMark AndrewsCLASS="command"
4f6469885c3d66367e3f8fb94e1f3c66115990b0Mark Andrews>directory</B
689023771c563d8660e45d439a207e06e96de28fMark AndrewsCLASS="command"
4f6469885c3d66367e3f8fb94e1f3c66115990b0Mark Andrews> Unlike with earlier versions of BIND, you will typically
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="emphasis"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="emphasis"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> need to compile <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinstatically nor install shared libraries under the new root.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinHowever, depending on your operating system, you may need
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinto set up things like
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="filename"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="filename"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="filename"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="filename"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect2"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect2"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNAME="AEN4782"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>7.2.2. Using the <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> Function</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Prior to running the <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> daemon, use
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> utility (to change file access and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinmodification times) or the <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> utility (to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinto which you want <ACRONYM
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>BIND</ACRONYM
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinto write. Note that if the <B
689023771c563d8660e45d439a207e06e96de28fMark AndrewsCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> daemon is running as an
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinunprivileged user, it will not be able to bind to new restricted ports if the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinserver is reloaded.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect1"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="sect1"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinNAME="dynamic_update_security"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>7.3. Dynamic Update Security</A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Access to the dynamic
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinupdate facility should be strictly limited. In earlier versions of
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>BIND</ACRONYM
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> the only way to do this was based on the IP
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinaddress of the host requesting the update, by listing an IP address or
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinnetwork prefix in the <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>allow-update</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> zone option.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinThis method is insecure since the source address of the update UDP packet
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinis easily forged. Also note that if the IP addresses allowed by the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>allow-update</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> option include the address of a slave
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinserver which performs forwarding of dynamic updates, the master can be
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeintrivially attacked by sending the update to the slave, which will
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinforward it to the master with its own source IP address causing the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinmaster to approve it without question.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>For these reasons, we strongly recommend that updates be
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeincryptographically authenticated by means of transaction signatures
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein(TSIG). That is, the <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>allow-update</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> option should
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinlist only TSIG key names, not IP addresses or network
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinprefixes. Alternatively, the new <B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="command"
689023771c563d8660e45d439a207e06e96de28fMark Andrews>update-policy</B
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinoption can be used.</P
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Some sites choose to keep all dynamically updated DNS data
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinin a subdomain and delegate that subdomain to a separate zone. This
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinway, the top-level zone containing critical data such as the IP addresses
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinof public web and mail servers need not allow dynamic update at
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="NAVFOOTER"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinSUMMARY="Footer navigation table"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCELLPADDING="0"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCELLSPACING="0"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinACCESSKEY="P"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinALIGN="center"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinACCESSKEY="H"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinALIGN="right"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinACCESSKEY="N"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinCLASS="acronym"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>BIND</ACRONYM
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein> 9 Configuration Reference</TD
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinALIGN="center"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob AusteinALIGN="right"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein>Troubleshooting</TD