Bv9ARM.ch07.html revision 85d259b3cf22bdbf7c1c1dadd95dfea4d5a84375
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin - Copyright (C) 2000-2003 Internet Software Consortium.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin - Permission to use, copy, modify, and/or distribute this software for any
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin - purpose with or without fee is hereby granted, provided that the above
7c2fbfb345896881c631598ee3852ce9ce33fb07April Chin - copyright notice and this permission notice appear in all copies.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin - PERFORMANCE OF THIS SOFTWARE.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<!-- $Id$ -->
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<title>Chapter�7.�BIND 9 Security Considerations</title>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<link rel="prev" href="Bv9ARM.ch06.html" title="Chapter�6.�BIND 9 Configuration Reference">
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<link rel="next" href="Bv9ARM.ch08.html" title="Chapter�8.�Troubleshooting">
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<tr><th colspan="3" align="center">Chapter�7.�<acronym class="acronym">BIND</acronym> 9 Security Considerations</th></tr>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<td width="20%" align="right">�<a accesskey="n" href="Bv9ARM.ch08.html">Next</a>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<a name="Bv9ARM.ch07"></a>Chapter�7.�<acronym class="acronym">BIND</acronym> 9 Security Considerations</h2></div></div></div>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="sect1"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2606438"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2606519">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2606579">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="sect1"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<div class="titlepage"><div><div><h2 class="title" style="clear: both">
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<a name="Access_Control_Lists"></a>Access Control Lists</h2></div></div></div>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Access Control Lists (ACLs) are address match lists that
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin you can set up and nickname for future use in <span><strong class="command">allow-notify</strong></span>,
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <span><strong class="command">allow-query</strong></span>, <span><strong class="command">allow-query-on</strong></span>,
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <span><strong class="command">allow-recursion</strong></span>, <span><strong class="command">allow-recursion-on</strong></span>,
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <span><strong class="command">blackhole</strong></span>, <span><strong class="command">allow-transfer</strong></span>,
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Using ACLs allows you to have finer control over who can access
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin your name server, without cluttering up your config files with huge
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin lists of IP addresses.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin It is a <span class="emphasis"><em>good idea</em></span> to use ACLs, and to
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin control access to your server. Limiting access to your server by
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin outside parties can help prevent spoofing and denial of service (DoS) attacks against
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin your server.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Here is an example of how to properly apply ACLs:
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin// Set up an ACL named "bogusnets" that will block
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin// RFC1918 space and some reserved space, which is
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin// commonly used in spoofing attacks.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chinacl bogusnets {
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin// Set up an ACL called our-nets. Replace this with the
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin// real IP numbers.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin allow-query { our-nets; };
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin allow-recursion { our-nets; };
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin blackhole { bogusnets; };
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin type master;
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin allow-query { any; };
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin This allows recursive queries of the server from the outside
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin unless recursion has been previously disabled.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<div class="titlepage"><div><div><h2 class="title" style="clear: both">
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<a name="id2606438"></a><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin On UNIX servers, it is possible to run <acronym class="acronym">BIND</acronym>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin in a <span class="emphasis"><em>chrooted</em></span> environment (using
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin the <span><strong class="command">chroot()</strong></span> function) by specifying
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin the "<code class="option">-t</code>" option for <span><strong class="command">named</strong></span>.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin This can help improve system security by placing
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <acronym class="acronym">BIND</acronym> in a "sandbox", which will limit
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin the damage done if a server is compromised.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Another useful feature in the UNIX version of <acronym class="acronym">BIND</acronym> is the
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin ability to run the daemon as an unprivileged user ( <code class="option">-u</code> <em class="replaceable"><code>user</code></em> ).
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin We suggest running as an unprivileged user when using the <span><strong class="command">chroot</strong></span> feature.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Here is an example command line to load <acronym class="acronym">BIND</acronym> in a <span><strong class="command">chroot</strong></span> sandbox,
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <span><strong class="command">/var/named</strong></span>, and to run <span><strong class="command">named</strong></span> <span><strong class="command">setuid</strong></span> to
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <strong class="userinput"><code>/usr/local/sbin/named -u 202 -t /var/named</code></strong>
<a name="id2606519"></a>The <span><strong class="command">chroot</strong></span> Environment</h3></div></div></div>
From <acronym class="acronym">BIND</acronym>'s point of view, <code class="filename">/var/named</code> is
like <span><strong class="command">directory</strong></span> and <span><strong class="command">pid-file</strong></span> to account
<span class="emphasis"><em>not</em></span> need to compile <span><strong class="command">named</strong></span>
<a name="id2606579"></a>Using the <span><strong class="command">setuid</strong></span> Function</h3></div></div></div>