[ale] DNS best practices

Jonathan Rickman jdr at xcorps.net
Sat Dec 18 22:12:47 EST 2004


> You can also use tiny DNS if security is imperative. TinyDNS 
> is super easy to set up, and contains the essentials required 
> to run DNS. There is a $500 reward to exploit it, and no one 
> has claimed the cash yet.

I second that motion, with enthusiasm. I also recommend running a true
split-split DNS. One on the inside for convenience (any product) and one
outside (tiny). The two should not talk to each other, and the outside
system should not handle recursive queries or allow zone transfers. If you
have a secondary external server off-site, update it manually unless you
have more than 100 hosts. 

--
Jonathan
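
One way to audit an external server against the two rules in the message above (no recursion, no zone transfers), as an added example that is not part of the original post. The function names and the sample replies are constructed for illustration; zone-transfer replies arrive over TCP, and `audit_response` expects the DNS message with the 2-byte length prefix already removed.

```python
import socket
import struct

QTYPE_A, QTYPE_AXFR = 1, 252

def build_query(name, qtype, txid=0x1234):
    """Encode a one-question DNS query with RD set (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)       # class IN

def query_udp(server, payload, timeout=3.0):
    """Send one query to your own server over UDP and return the raw reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(payload, (server, 53))
        return s.recvfrom(4096)[0]

def audit_response(resp, qtype):
    """List policy violations visible in one reply from the external server."""
    if len(resp) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    findings = []
    if flags & 0x0080:                       # RA bit: server offers recursion
        findings.append("recursion-available")
    rcode = flags & 0x000F
    if qtype == QTYPE_AXFR and rcode == 0 and ancount > 0:
        findings.append("zone-transfer-allowed")
    return findings

def header(flags, ancount=0):
    """Constructed header-only reply used for the offline samples below."""
    return struct.pack("!HHHHHH", 0x1234, flags, 0, ancount, 0, 0)

# Constructed samples (not captured traffic).
SAMPLES = {
    "authoritative-only": (header(0x8500, 1), QTYPE_A),     # QR, AA, RD echoed
    "open resolver":      (header(0x8180, 1), QTYPE_A),     # QR, RD, RA
    "AXFR refused":       (header(0x8005), QTYPE_AXFR),     # rcode REFUSED
    "AXFR served":        (header(0x8400, 2), QTYPE_AXFR),  # QR, AA, answers
}

if __name__ == "__main__":
    for label, (resp, qtype) in SAMPLES.items():
        print(f"{label:20} {audit_response(resp, qtype) or 'ok'}")
```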


