About Security

Network and computer security used to be an obscure subject. These days, though, anyone administering computers and network services should have some knowledge of it to do their job properly. This is especially true for DNS administrators because of the key role DNS plays on the network.

Some years ago, it was not uncommon to run BIND unprotected on firewalls and other critical machines because BIND was thought to be a safe program. But that was before stack overruns and other powerful exploit methods became commonplace. Security mailing lists, such as Bugtraq, now announce such attacks weekly if not several times daily (but to be fair, not very often against BIND), often with code to demonstrate the weakness. These days, no software should be considered safe. If you just got worried about your firewall security, read this chapter and then go fix it.

To keep up with DNS security developments, you should, at the very least, read the bind-announce mailing list. However, you really should also read the bind-users list (both these lists are described in Chapter 15, "Compiling and Maintaining BIND"). Another excellent source of security information not only about BIND is the Bugtraq mailing list. Bugtraq is hosted by Security Focus, which has a Web site at http://www.securityfocus.com/. Check the Forums section on the Web site or mail your subscribe bugtraq lastname, firstname message to listserv@securityfocus.com, filling in your name, of course. Another good source of computer security information is the SANS Institute at http://www.sans.org; they have some mailing lists and digests that are worth subscribing to.