by Allen Householder and Brian King CERT/CC
in collaboration with Ken Silva from Verisign
Domain name system (DNS) servers translate names suitable for use by people (such as www.example.com
) into network addresses (e.g., 192.168.4.22) suitable for use by computers. There are a number of different name server software packages available today. Berkeley Internet Name Domain (BIND), produced by the Internet Software Consortium (http://www.isc.org
), is the most widely deployed name server package, and is available on a wide variety of platforms. Other popular DNS packages include Microsoft DNS and djbdns.
The goal of this document is to discuss general name server security. However, in order to provide useful examples we have chosen to focus on BIND since it is the most commonly used software for DNS servers.
Download the paper in PDF format here