diff options
Diffstat (limited to 'contrib/bind9/doc/arm/Bv9ARM.ch07.html')
| -rw-r--r-- | contrib/bind9/doc/arm/Bv9ARM.ch07.html | 200 |
1 files changed, 0 insertions, 200 deletions
diff --git a/contrib/bind9/doc/arm/Bv9ARM.ch07.html b/contrib/bind9/doc/arm/Bv9ARM.ch07.html deleted file mode 100644 index 86c2b6af0642..000000000000 --- a/contrib/bind9/doc/arm/Bv9ARM.ch07.html +++ /dev/null @@ -1,200 +0,0 @@ -<!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") - - Copyright (C) 2000-2003 Internet Software Consortium. - - - - Permission to use, copy, modify, and distribute this software for any - - purpose with or without fee is hereby granted, provided that the above - - copyright notice and this permission notice appear in all copies. - - - - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH - - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, - - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM - - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE - - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - - PERFORMANCE OF THIS SOFTWARE. ---> -<!-- $Id: Bv9ARM.ch07.html,v 1.50.2.9.2.24 2005/10/13 02:34:02 marka Exp $ --> -<html> -<head> -<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> -<title>Chapter 7. BIND 9 Security Considerations</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.69.1"> -<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual"> -<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual"> -<link rel="prev" href="Bv9ARM.ch06.html" title="Chapter 6. BIND 9 Configuration Reference"> -<link rel="next" href="Bv9ARM.ch08.html" title="Chapter 8. Troubleshooting"> -</head> -<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"> -<div class="navheader"> -<table width="100%" summary="Navigation header"> -<tr><th colspan="3" align="center">Chapter 7. <span class="acronym">BIND</span> 9 Security Considerations</th></tr> -<tr> -<td width="20%" align="left"> -<a accesskey="p" href="Bv9ARM.ch06.html">Prev</a> </td> -<th width="60%" align="center"> </th> -<td width="20%" align="right"> <a accesskey="n" href="Bv9ARM.ch08.html">Next</a> -</td> -</tr> -</table> -<hr> -</div> -<div class="chapter" lang="en"> -<div class="titlepage"><div><div><h2 class="title"> -<a name="Bv9ARM.ch07"></a>Chapter 7. <span class="acronym">BIND</span> 9 Security Considerations</h2></div></div></div> -<div class="toc"> -<p><b>Table of Contents</b></p> -<dl> -<dt><span class="sect1"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt> -<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2567222"><span><strong class="command">chroot</strong></span> and <span><strong class="command">setuid</strong></span> (for -UNIX servers)</a></span></dt> -<dd><dl> -<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2567366">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt> -<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2567424">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt> -</dl></dd> -<dt><span class="sect1"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt> -</dl> -</div> -<div class="sect1" lang="en"> -<div class="titlepage"><div><div><h2 class="title" style="clear: both"> -<a name="Access_Control_Lists"></a>Access Control Lists</h2></div></div></div> -<p>Access Control Lists (ACLs), are address match lists that -you can set up and nickname for future use in <span><strong class="command">allow-notify</strong></span>, -<span><strong class="command">allow-query</strong></span>, <span><strong class="command">allow-recursion</strong></span>, -<span><strong class="command">blackhole</strong></span>, <span><strong class="command">allow-transfer</strong></span>, -etc.</p> -<p>Using ACLs allows you to have finer control over who can access -your name server, without cluttering up your config files with huge -lists of IP addresses.</p> -<p>It is a <span class="emphasis"><em>good idea</em></span> to use ACLs, and to -control access to your server. Limiting access to your server by -outside parties can help prevent spoofing and DoS attacks against -your server.</p> -<p>Here is an example of how to properly apply ACLs:</p> -<pre class="programlisting"> -// Set up an ACL named "bogusnets" that will block RFC1918 space, -// which is commonly used in spoofing attacks. -acl bogusnets { 0.0.0.0/8; 1.0.0.0/8; 2.0.0.0/8; 192.0.2.0/24; 224.0.0.0/3; 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16; }; -// Set up an ACL called our-nets. Replace this with the real IP numbers. -acl our-nets { x.x.x.x/24; x.x.x.x/21; }; -options { - ... - ... - allow-query { our-nets; }; - allow-recursion { our-nets; }; - ... - blackhole { bogusnets; }; - ... -}; -zone "example.com" { - type master; - file "m/example.com"; - allow-query { any; }; -}; -</pre> -<p>This allows recursive queries of the server from the outside -unless recursion has been previously disabled.</p> -<p>For more information on how to use ACLs to protect your server, -see the <span class="emphasis"><em>AUSCERT</em></span> advisory at -<a href="ftp://ftp.auscert.org.au/pub/auscert/advisory/AL-1999.004.dns_dos" target="_top">ftp://ftp.auscert.org.au/pub/auscert/advisory/AL-1999.004.dns_dos</a></p> -</div> -<div class="sect1" lang="en"> -<div class="titlepage"><div><div><h2 class="title" style="clear: both"> -<a name="id2567222"></a><span><strong class="command">chroot</strong></span> and <span><strong class="command">setuid</strong></span> (for -UNIX servers)</h2></div></div></div> -<p>On UNIX servers, it is possible to run <span class="acronym">BIND</span> in a <span class="emphasis"><em>chrooted</em></span> environment -(<span><strong class="command">chroot()</strong></span>) by specifying the "<code class="option">-t</code>" -option. This can help improve system security by placing <span class="acronym">BIND</span> in -a "sandbox", which will limit the damage done if a server is compromised.</p> -<p>Another useful feature in the UNIX version of <span class="acronym">BIND</span> is the -ability to run the daemon as an unprivileged user ( <code class="option">-u</code> <em class="replaceable"><code>user</code></em> ). -We suggest running as an unprivileged user when using the <span><strong class="command">chroot</strong></span> feature.</p> -<p>Here is an example command line to load <span class="acronym">BIND</span> in a <span><strong class="command">chroot()</strong></span> sandbox, -<span><strong class="command">/var/named</strong></span>, and to run <span><strong class="command">named</strong></span> <span><strong class="command">setuid</strong></span> to -user 202:</p> -<p><strong class="userinput"><code>/usr/local/bin/named -u 202 -t /var/named</code></strong></p> -<div class="sect2" lang="en"> -<div class="titlepage"><div><div><h3 class="title"> -<a name="id2567366"></a>The <span><strong class="command">chroot</strong></span> Environment</h3></div></div></div> -<p>In order for a <span><strong class="command">chroot()</strong></span> environment to -work properly in a particular directory -(for example, <code class="filename">/var/named</code>), -you will need to set up an environment that includes everything -<span class="acronym">BIND</span> needs to run. -From <span class="acronym">BIND</span>'s point of view, <code class="filename">/var/named</code> is -the root of the filesystem. You will need to adjust the values of options like -like <span><strong class="command">directory</strong></span> and <span><strong class="command">pid-file</strong></span> to account -for this. -</p> -<p> -Unlike with earlier versions of BIND, you will typically -<span class="emphasis"><em>not</em></span> need to compile <span><strong class="command">named</strong></span> -statically nor install shared libraries under the new root. -However, depending on your operating system, you may need -to set up things like -<code class="filename">/dev/zero</code>, -<code class="filename">/dev/random</code>, -<code class="filename">/dev/log</code>, and/or -<code class="filename">/etc/localtime</code>. -</p> -</div> -<div class="sect2" lang="en"> -<div class="titlepage"><div><div><h3 class="title"> -<a name="id2567424"></a>Using the <span><strong class="command">setuid</strong></span> Function</h3></div></div></div> -<p>Prior to running the <span><strong class="command">named</strong></span> daemon, use -the <span><strong class="command">touch</strong></span> utility (to change file access and -modification times) or the <span><strong class="command">chown</strong></span> utility (to -set the user id and/or group id) on files -to which you want <span class="acronym">BIND</span> -to write. Note that if the <span><strong class="command">named</strong></span> daemon is running as an -unprivileged user, it will not be able to bind to new restricted ports if the -server is reloaded.</p> -</div> -</div> -<div class="sect1" lang="en"> -<div class="titlepage"><div><div><h2 class="title" style="clear: both"> -<a name="dynamic_update_security"></a>Dynamic Update Security</h2></div></div></div> -<p>Access to the dynamic -update facility should be strictly limited. In earlier versions of -<span class="acronym">BIND</span> the only way to do this was based on the IP -address of the host requesting the update, by listing an IP address or -network prefix in the <span><strong class="command">allow-update</strong></span> zone option. -This method is insecure since the source address of the update UDP packet -is easily forged. Also note that if the IP addresses allowed by the -<span><strong class="command">allow-update</strong></span> option include the address of a slave -server which performs forwarding of dynamic updates, the master can be -trivially attacked by sending the update to the slave, which will -forward it to the master with its own source IP address causing the -master to approve it without question.</p> -<p>For these reasons, we strongly recommend that updates be -cryptographically authenticated by means of transaction signatures -(TSIG). That is, the <span><strong class="command">allow-update</strong></span> option should -list only TSIG key names, not IP addresses or network -prefixes. Alternatively, the new <span><strong class="command">update-policy</strong></span> -option can be used.</p> -<p>Some sites choose to keep all dynamically updated DNS data -in a subdomain and delegate that subdomain to a separate zone. This -way, the top-level zone containing critical data such as the IP addresses -of public web and mail servers need not allow dynamic update at -all.</p> -</div> -</div> -<div class="navfooter"> -<hr> -<table width="100%" summary="Navigation footer"> -<tr> -<td width="40%" align="left"> -<a accesskey="p" href="Bv9ARM.ch06.html">Prev</a> </td> -<td width="20%" align="center"> </td> -<td width="40%" align="right"> <a accesskey="n" href="Bv9ARM.ch08.html">Next</a> -</td> -</tr> -<tr> -<td width="40%" align="left" valign="top">Chapter 6. <span class="acronym">BIND</span> 9 Configuration Reference </td> -<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td> -<td width="40%" align="right" valign="top"> Chapter 8. Troubleshooting</td> -</tr> -</table> -</div> -</body> -</html> |