
Securing DNS

by SupportPRO Admin

DNS is a critical part of any network. The main objective of securing DNS is the secure exchange of data between DNS servers, which covers DNS queries, zone transfers and DNS updates. Here we describe two methods of securing DNS: running named in a chroot jail and editing named.conf. Please make sure that you have taken a backup of named.conf before you begin.

1. Securing DNS through chroot :-
Chroot is a powerful mechanism for confining a process to a restricted part of the filesystem. The chroot command uses the chroot() system call.

a) Configuring the chroot() Directory – When configuring the chroot() environment, make sure that most of the directory structure is not writable by the named process.

mkdir /var/named
chown root:daemon /var/named
chmod 511 /var/named

b) Copy Required Binaries – You will already have an existing named.conf and zone files. These must now be moved into the chroot jail so that BIND can reach them: named.conf goes in /chroot/named/etc, and the zone files go in /chroot/named/etc/namedb. For example:

# cp -p /home/abc/bind/etc/named.conf /chroot/named/etc/
# cp -a /home/abc/bind/var/named/* /chroot/named/etc/namedb/
BIND would normally need write access to the namedb directory, but to tighten security we do not allow this. If your nameserver is a slave for any zones, it needs to update those zone files, so store them in a separate directory to which BIND does have write access:

# mkdir -p /chroot/named/etc/namedb/slave
# chown -R named:named /chroot/named/etc/namedb/slave

c) Copy Shared Libraries – In addition to the named-xfer binary, you need to copy all of the shared libraries required by that binary into the chroot() environment. Use the ldd command to find out which files are needed.
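The following shell function is an added example, not part of the original post: it copies a binary and every shared library that ldd reports for it into the jail, keeping each library under the same path relative to the jail root. The jail path and binary name are assumed to be passed as arguments, and ldd and awk are assumed to be available on the host.

```shell
#!/bin/sh
# Added example (not from the original post): copy a binary plus the shared
# libraries ldd reports for it into a chroot jail.
# Assumptions: the jail directory already exists; ldd and awk are installed.

copy_into_jail() {
    bin="$1"
    jail="$2"
    [ -x "$bin" ] || { echo "copy_into_jail: $bin is not executable" >&2; return 1; }
    [ -d "$jail" ] || { echo "copy_into_jail: jail $jail does not exist" >&2; return 1; }

    # The binary itself, placed under the same path inside the jail.
    mkdir -p "$jail$(dirname "$bin")"
    cp "$bin" "$jail$bin"

    # ldd prints lines such as
    #   libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f...)
    #   /lib64/ld-linux-x86-64.so.2 (0x00007f...)
    # Keep only the absolute paths; a statically linked binary yields none,
    # and entries without a path (e.g. linux-vdso.so.1) are skipped.
    ldd "$bin" 2>/dev/null \
        | awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }' \
        | while read -r lib; do
            [ -f "$lib" ] || continue
            mkdir -p "$jail$(dirname "$lib")"
            cp "$lib" "$jail$lib"
            echo "copied $lib"
          done
    return 0
}

# Count regular files under the jail: a quick sanity check after copying.
jail_file_count() {
    find "$1" -type f | wc -l | tr -d ' '
}

# Usage (as root, once /chroot/named exists):
#   copy_into_jail /usr/sbin/named-xfer /chroot/named
#   jail_file_count /chroot/named
```

Copying with plain cp rather than cp -p means the files in the jail are owned by the user running the script; after copying, set ownership and mode so that named cannot write to them, as in step a).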
d) Make Devices – In this step, create the device special files that named needs during normal operation, i.e. a copy of /dev/null inside the chroot() area.

cd /var/named
mkdir dev
chown root:daemon dev
chmod 111 dev
mknod dev/null c 2 2
chown root:wheel dev/null
chmod 666 dev/null

e) Copy Other Configuration Files – Create the named.conf for your nameserver under /var/named/etc by copying the named.conf file from /etc to that location.
After completing this, restart the named service.

©2022  SupportPRO.com. All Rights Reserved