Firewall Wizards mailing list archives
Re: Does blocking TCP DNS packets keep your Bind safe?
From: Darren Reed <darrenr () reed wattle id au>
Date: Wed, 14 Mar 2001 08:56:37 +1100 (EST)
In some email I received from Todd, sie wrote:
> ben, all, i have to agree with this sentiment. because of the well-known "inbound traffic problem" that i believe marcus identified and certainly has described most adequately, it is necessary to allow some traffic in through a firewall, if we want to offer any network-based services. that traffic should be directed to a secure service running on a well-administered machine. dns is certainly one of the services we want to offer. since the ISC have proven that they are incapable of secure coding, we should look at alternatives. thankfully, there is one: djbdns from dan bernstein is secure, extremely fast, and easy to set up and administer. i'd encourage anyone who cares about security and understands the inbound traffic problem to seriously consider it.
I think you're taking too hard a line on the ISC there. BIND is written in C and for better or worse, C is *HARD* to program in a secure and safe manner, especially when you have an application as large and complex as BIND is.

The only way to run applications, such as BIND, is as non-root and in a chroot'd environment. BIND makes it rather easy to do this.

Maybe sendmail and BIND need to be rewritten in java? ;)

Darren