SUMMARY: Standalone External DNS Recommendations

From: Owens, Blaine C <bowens_at_eastman.com>
Date: Mon Oct 01 2001 - 14:39:00 EDT
I summarize what we basically plan to do. Thanks to:
 
Henrik Huhtinen
Brent Killion
Jay Lessert
Sergio Gelato
Mike Peppard
Bill Mooney
Andrew Stueve
Adrian Blount
Vincent Power
Alex Slade
Randy Romero
 
1) Start with a minimal install

2) We compiled BIND 9.1.3 from the source and then distributed (Jumpstart)
it to the DNS servers. Several recommended alternatives to BIND - djbdns
(http://www.djbdns.com), tinydns. It was also recommended to run DNS in a
chrooted jail.

3) Harden the system; you only want to run DNS and possibly ssh.
There are several tools and documents available to assist you in hardening a
Solaris system:
Titan http://www.fish.com/titan
JASS http://www.sun.com/security
YASSP http://www.yassp.org
Solaris ASET
<http://www.securityfocus.com/focus/sun/articles/harden1.html> 
<http://www.securityfocus.com/focus/sun/articles/harden2.html> 
<http://www.enteract.com/~lspitz/armoring.html>

4) If you are going to use ssh, also implement TCP Wrappers.
 
5) Tripwire
 
6) Have the external DNS servers be cache servers from an Internal DNS
server which is authoritative.
 
7) Remove any unneeded accounts from passwd.

8) Put the machine(s) on a switch vs hub.

Blaine Owens
Eastman Chemical Company
Phone - (423)-229-3579
Cell Phone - (423)-817-0704
Fax - (423)-229-1188
bowens@eastman.com

_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Mon Oct 1 13:37:20 2001
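
Added example (not part of the original post and not the poster's own code): a POSIX shell check for item 3 that flags listening sockets other than DNS (53) and ssh (22). It assumes Solaris-style `netstat -an -f inet` output; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: report listeners other than DNS (53) and ssh (22).
# Input on stdin: Solaris-style `netstat -an -f inet` text (assumed format).
ALLOWED_PORTS="53 22"   # assumption: DNS plus ssh, per item 3 of the summary

audit_listeners() {
    # Prints "proto port" for each unexpected listener; returns 1 if any found.
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^UDP/ { proto = "udp"; next }
        /^TCP/ { proto = "tcp"; next }
        # TCP sockets in LISTEN, or unconnected UDP sockets shown as Idle
        (proto == "tcp" && $NF == "LISTEN") || (proto == "udp" && $NF == "Idle") {
            # Solaris prints address.port; the port follows the last dot
            port = $1; sub(/.*\./, "", port)
            if (!(port in ok) && !seen[proto " " port]++) { print proto, port; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample listing (not captured from a real host)
sample_netstat() {
cat <<'EOF'
UDP: IPv4
   Local Address         Remote Address     State
-------------------- -------------------- -------
      *.53                                  Idle
      *.111                                 Idle
      *.32771                               Idle

TCP: IPv4
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q  State
-------------------- -------------------- ----- ------ ----- ------ -------
      *.53                 *.*                0      0 24576      0 LISTEN
      *.22                 *.*                0      0 24576      0 LISTEN
      *.111                *.*                0      0 24576      0 LISTEN
192.0.2.10.22        198.51.100.7.40122   24820      0 24820      0 ESTABLISHED
EOF
}

# Demo on the constructed sample; on a real host: netstat -an -f inet | audit_listeners
sample_netstat | audit_listeners || echo "unexpected listeners found"
```

A non-zero return from audit_listeners makes the check usable from cron or a post-Jumpstart verification step.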
