BIND DNS Security Vulnerabilities and Configuration


Dive into the world of BIND DNS with a focus on security vulnerabilities, zone transfer restrictions, rate limiting, and essential configuration options. Explore key topics such as ISC mailing lists, CVE announcements, and best practices for setting up BIND DNS servers.

  • BIND DNS
  • Security
  • Vulnerabilities
  • Configuration
  • Zone Transfer

Uploaded on Sep 07, 2024 | 2 Views



Presentation Transcript


  1. DNS

  2. Bind BIND 9 Security Vulnerability Matrix ISC mailing lists Bind Rate limit Zone Transfer TSIG Zone Transfer

  3. Bind (1) 9.9.9 9.10.4 9.11.0

  4. Bind (2) BIND 9 Security Vulnerability Matrix

  5. Bind (3) ISC mailing lists bind-announce CVE bind-users Bind

  6. Bind (4) gcc, make, openssl, libxml2
     named Version

         $ named -Version
         BIND 9.9.9-P3 (Extended Support Version) <id:1b68143>
         running on Linux x86_64 2.6.32-431.29.2.el6.x86_64 #1 SMP Tue Sep 9 21:36:05 UTC 2014
         built by make with '--prefix=/usr' '--sysconfdir=/etc' '--localstatedir=/var' '--enable-ipv6' '--enable-threads' '--enable-rrl'
         compiled by GCC 4.4.7 20120313 (Red Hat 4.4.7-4)
         compiled with OpenSSL version: OpenSSL 1.0.1e 11 Feb 2013
         linked to OpenSSL version: OpenSSL 1.0.1e-fips 11 Feb 2013
         compiled with libxml2 version: 2.7.6
         linked to libxml2 version: 20706

  7. Bind (5) ./configure make DNS bind DNS bind make install bind Getting started with BIND - how to build and run named with a basic recursive configuration

  8. Bind BIND 9 Security Vulnerability Matrix ISC mailing lists Bind Rate limit Zone Transfer TSIG Zone Transfer

  9. Bind (1) acl

         // Syntax
         acl acl-name { address_match_list };

         // Named address list, referenced below by name
         acl "allowips" {
             10.0.1.1;
             192.168.0.0/30; // 4 IPs
         };

         zone "example.com" {
             type slave;
             file "slave.example.com";
             allow-notify { "allowips"; };
         };

  10. Bind (2)
      allow-query /etc/named.conf

          options {
              allow-query { any; };
          };

      recursion /etc/named.conf

          options {
              recursion no;
          };

  11. Bind (3) Rate limit

          // Response rate limiting is configured inside options
          options {
              rate-limit {
                  responses-per-second 10;
                  nxdomains-per-second 5;
                  exempt-clients { 61.220.0.0/20; 173.194.93.0/24; };
                  log-only no;
              };
          };

          // Rate-limit events go to their own log channel
          logging {
              channel rate_log {
                  file "/Path/to/log" versions 3 size 10m;
                  severity info;
                  print-severity no;
                  print-time yes;
              };
              category rate-limit { rate_log; };
          };

  12. Bind (4) Zone Transfer
      /etc/named.conf

          options {
              allow-transfer { 192.168.0.1; 10.0.1.1; };
          };

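  13. Bind (5) TSIG Zone Transfer
      Master /etc/named.conf

          key "KEYNAME" {
              algorithm hmac-md5;   // as on the slide; tsig-keygen in current BIND defaults to hmac-sha256
              secret "KEY_STRING";
          };

          options {
              // Only requests signed with this key may transfer zones
              allow-transfer { key KEYNAME; };
          };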

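  14. Bind (6) TSIG Zone Transfer
      Slave /etc/named.conf

          // Same key name, algorithm and secret as on the master
          key "KEYNAME" {
              algorithm hmac-md5;
              secret "KEY_STRING";
          };

          // Sign all requests sent to the master with this key
          server Master_IP_address {
              keys { KEYNAME; };
          };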

  15. Bind (7) TSIG Zone Transfer Log

      Slave

          dd-mm-YYYY HH:MM:SS.sss zone DomainName/IN: Transfer started.
          dd-mm-YYYY HH:MM:SS.sss transfer of 'DomainName/IN' from Master_IP_address#53: connected using Slave_IP_address#54518
          dd-mm-YYYY HH:MM:SS.sss zone DomainName/IN: transferred serial 1479862862: TSIG 'KEYNAME'
          dd-mm-YYYY HH:MM:SS.sss transfer of 'DomainName/IN' from Master_IP_address#53: Transfer status: success
          dd-mm-YYYY HH:MM:SS.sss transfer of 'DomainName/IN' from Master_IP_address#53: Transfer completed: 1 messages, 6 records, 279 bytes, 0.001 secs (279000 bytes/sec)

      Master

          dd-mm-YYYY HH:MM:SS.sss client Slave_IP_address#54518/key KEYNAME (DomainName): transfer of 'DomainName/IN': AXFR-style IXFR started: TSIG KEYNAME
          dd-mm-YYYY HH:MM:SS.sss client Slave_IP_address#54518/key KEYNAME (DomainName): transfer of 'DomainName/IN': AXFR-style IXFR ended

  16. 16
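
Added example, not part of the original slides: a check over master-side transfer log lines in the format shown on slide 15, reporting every started zone transfer that was not signed with an expected TSIG key or did not come from an expected secondary. The sample log lines, key names and addresses are constructed; the line shape without "/key NAME" for unsigned requests and the optional "@0x..." token after "client" are assumptions about other BIND output, not taken from the slides.

```python
import ipaddress
import re

# Master-side "transfer ... started" line, following slide 15.
# "/key NAME" is optional: assumed absent when the request carried no TSIG.
XFER_START = re.compile(
    r"client (?:@\S+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+"
    r"(?:/key (?P<key>\S+))? \((?P<qname>[^)]*)\): "
    r"transfer of '(?P<zone>[^']+)': (?:AXFR-style IXFR|AXFR|IXFR) started"
)

# Constructed sample input (documentation addresses, made-up key names).
SAMPLE_LOG = """\
23-11-2016 09:01:02.123 client 192.0.2.10#54518/key xfer-key (example.com): transfer of 'example.com/IN': AXFR-style IXFR started: TSIG xfer-key
23-11-2016 09:01:02.124 client 192.0.2.10#54518/key xfer-key (example.com): transfer of 'example.com/IN': AXFR-style IXFR ended
23-11-2016 09:05:40.001 client 198.51.100.7#40112 (example.com): transfer of 'example.com/IN': AXFR started
23-11-2016 09:07:11.500 client 192.0.2.10#54520/key old-key (example.com): transfer of 'example.com/IN': AXFR started: TSIG old-key
"""


def audit_transfers(lines, allowed_keys, allowed_nets):
    """Return (client_ip, zone, reasons) for each started transfer that breaks policy."""
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    findings = []
    for line in lines:
        m = XFER_START.search(line)
        if not m:
            continue  # "ended" lines and unrelated log entries
        reasons = []
        if m["key"] is None:
            reasons.append("unsigned")          # no TSIG on the request
        elif m["key"] not in allowed_keys:
            reasons.append("unknown-key")       # signed, but not with an expected key
        client = ipaddress.ip_address(m["ip"])
        if not any(client in net for net in nets):
            reasons.append("unknown-client")    # not one of the known secondaries
        if reasons:
            findings.append((m["ip"], m["zone"], reasons))
    return findings


if __name__ == "__main__":
    for ip, zone, reasons in audit_transfers(
        SAMPLE_LOG.splitlines(), {"xfer-key"}, ["192.0.2.10/32"]
    ):
        print(f"{zone} -> {ip}: {', '.join(reasons)}")
```
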
