Laura Nuñez wrote:
>
> Hi all,
> I am trying to find any tool to pen test a DNS server, or
> documentation about best practices to set it up.
> I have this, for the moment:
> - Disable Zone Transfers
> - Assign reverse DNS to only those hosts that require it
> - Split DNS for internal hosts
> - Apply fixes, version upgrades to avoid known
> vulnerabilities
> - Don't include additional info records
>
> Is there something else I should account for? Or tools to check this
> automatically? I have been using SamSpade for Zone Transfers.

There is a DNS audit document floating somewhere on the Internet -
e-mail me if you don't find anything promising.

I'm about to review DNS Expert from Mice and Men - no idea yet but it
gets good reviews - some security stuff is hard to automate as it
implies you need to have both valid and invalid IP - nslookup can do
zone transfers so no need to install extra software everywhere.

Delegation problems are one of the most common - affects resistance to
DoS if your delegation is iffy, inappropriate use of CNAMEs,
inconsistent SOAs, BIND version is returned (for the paranoid),
inappropriate use of DDNS.

I keep adding stuff to my list of things to check for my DNS audits...

Simon
--
Want to learn about Linux? Get it installed?
Devon and Cornwall LUG Event for UK Linux Day
Exeter University - Sunday April 29th 2001 10:00 to 17:00
www.linuxday.org.uk or join D&C LUG www.lug.termisoc.org
Received on Mar 08 2001
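
Several of the checks named in the reply above (delegation consistency, inconsistent SOAs, inappropriate CNAMEs, a returned BIND version) can be scripted once the answers from the parent zone and from each authoritative server have been collected with nslookup or dig. The following is an added example, not part of the original message or of any tool it mentions; the function names, finding labels and all records (example.com, 192.0.2.0/24, the version string) are constructed assumptions.

```python
from collections import defaultdict

def parse(text):
    """Parse 'owner ttl class type rdata' lines, as printed by dig +noall +answer."""
    rows = (line.split(None, 4) for line in text.splitlines())
    return [(f[0].lower(), f[3].upper(), f[4].strip()) for f in rows
            if len(f) == 5 and not f[0].startswith(";")]

def audit(parent_ns, per_server, zone, version_txt=""):
    """per_server maps each authoritative server to its SOA and NS answers."""
    findings = []
    delegated = {r.lower() for _, t, r in parse(parent_ns) if t == "NS"}
    serials = {}
    for server, answer in per_server.items():
        recs = parse(answer)
        child = {r.lower() for _, t, r in recs if t == "NS"}
        if child != delegated:  # parent and this server disagree on the NS set
            findings.append(("delegation-mismatch", server, sorted(child ^ delegated)))
        serials.update({server: int(r.split()[2]) for _, t, r in recs if t == "SOA"})
    if len(set(serials.values())) > 1:  # servers hold different versions of the zone
        findings.append(("soa-serial-mismatch", serials))
    types = defaultdict(set)
    for owner, t, _ in parse(zone):
        types[owner].add(t)
    aliases = {o for o, ts in types.items() if "CNAME" in ts}
    for o in sorted(aliases):  # RFC 1034 3.6.2: a CNAME owner holds no other data
        if types[o] - {"CNAME", "RRSIG", "NSEC"}:
            findings.append(("cname-with-other-data", o))
    for owner, t, r in parse(zone):  # RFC 2181 10.3: NS/MX targets must not be aliases
        if t in ("NS", "MX") and r.split()[-1].lower() in aliases:
            findings.append((t.lower() + "-points-to-cname", owner, r.split()[-1]))
    # Any TXT answer to a CHAOS-class version.bind query discloses the server version.
    findings += [("version-disclosed", r) for _, t, r in parse(version_txt) if t == "TXT"]
    return findings

# Constructed sample data: example.com and 192.0.2.0/24 are documentation ranges.
SOA = "example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. %d 10800 3600 604800 86400\n"
PARENT = "example.com. 172800 IN NS ns1.example.com.\nexample.com. 172800 IN NS ns2.example.com.\n"
SERVERS = {"ns1.example.com.": SOA % 2001030801 + PARENT,
           "ns2.example.com.": SOA % 2001030701 + PARENT.replace("ns2", "ns3")}
ZONE = """example.com. 3600 IN MX 10 mail.example.com.
mail.example.com. 3600 IN CNAME www.example.com.
www.example.com. 3600 IN A 192.0.2.10
ftp.example.com. 3600 IN CNAME www.example.com.
ftp.example.com. 3600 IN A 192.0.2.11"""
VERSION = 'version.bind. 0 CH TXT "constructed-version-string"'

if __name__ == "__main__":
    for finding in audit(PARENT, SERVERS, ZONE, VERSION):
        print(finding)
```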