Date:      Mon, 22 Apr 2002 10:03:01 -0400
From:      "Peter C. Lai" <sirmoo@cowbert.2y.net>
To:        Mario Lobo <Mlobo@ear.com.br>
Cc:        freebsd-security@freebsd.org
Subject:   Re: DNS Question
Message-ID:  <20020422100301.A46936@cowbert.2y.net>
In-Reply-To: <3CC3C250.28097.2D5EA4@localhost>; from Mlobo@ear.com.br on Mon, Apr 22, 2002 at 07:57:08AM -0300
References:  <3CC3C250.28097.2D5EA4@localhost>

BIND has a notorious security track record.
Are you running named in a jail?
If you can't do that, at least run it chrooted in a sandbox.
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/dns.html
has some basic methods of locking it down.


On Mon, Apr 22, 2002 at 07:57:08AM -0300, Mario Lobo wrote:
> Hi; 
> 
> I have a DNS (named) server running on a FreeBSD 4.4 box firewall. 
> 
> ipfw allows queries to ports 53 and 1024 from any IP inside the private 
> network (internal interface) and only certain ISP IPs on the external
> interface. 
> 
> I need to open those ports to any IP on the external interface. 
> 
> Are there any security concerns I should have if I do this? The only
> services I have running are ssh (restricted to specific IPs) and squid
> (local only). 
> 
> Thanks, -
> *** Mario Lobo 
> *** Dean of Computer Department
> *** American School of Recife
> 
>  
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

-- 
Peter C. Lai
University of Connecticut
Dept. of Residential Life | Programmer
Dept. of Molecular and Cell Biology | Undergraduate Research Assistant
http://cowbert.2y.net/
860.427.4542 (Room)
860.486.1899 (Lab)
203.206.3784 (Cellphone)
