Words of Wisdom:

"This World Is Filled With Evil Tempertantrums And Sonic Explosions" - Dellarh

Life Style

  • Date Submitted: 08/29/2010 09:59 PM
  • Flesch-Kincaid Score: 59.6 
  • Words: 5451
  • Essay Grade: no grades
  • Report this Essay
Note: This is an historic document. We are no longer maintaining the content, but it may have value for research purposes. Pages linked to from the document may no longer be available.

Securing an Internet Name Server
CERT® Coordination Center
Allen Householder, CERT/CC Brian King, CERT/CC
In collaboration with

Ken Silva, Verisign
Based in part on a presentation originally created by

Cricket Liu

August 2002

CERT and CERT Coordination Center are registered in the U.S. Patent and Trademark Office. Copyright 2002 Carnegie Mellon University

DNS overview
Domain name system (DNS) servers translate names suitable for use by people (such as www.example.com) into network addresses (e.g., suitable for use by computers. There are a number of different name server software packages available today. Berkeley Internet Name Domain (BIND), produced by the Internet Software Consortium (http://www.isc.org), is the most widely deployed name server package, and is available on a wide variety of platforms. Other popular DNS packages include Microsoft DNS and djbdns. The goal of this document is to discuss general name server security. However, in order to provide useful examples we have chosen to focus on BIND since it is the most commonly used software for DNS servers.

Risks to name servers
Name servers exposed to the Internet are subject to a wide variety of attacks: • • • • • Attacks against the name server software may allow an intruder to compromise the server and take control of the host. This often leads to further compromise of the network. Denial of service attacks, even one directed at a single DNS server, may affect an entire network by preventing users from translating hostnames into the necessary IP addresses. Spoofing attacks that try to induce your name server to cache false resource records, and could lead unsuspecting users to unsavory sites. Information leakage from a seemingly innocent zone transfer could expose internal...


Express your owns thoughts and ideas on this essay by writing a grade and/or critique.

  1. No comments