dns

djbdns is a very secure suite of DNS tools that consists out of multiple parts: dnscache, a DNS cache that can be used in /etc/resolv.conf instead of your ISP's name servers and that tries to sort out wrong (malicious) DNS answers; axfrdns, a service that runs on the master DNS server and to which the slaves connect for zone transfers; and tinydns, the actual DNS server, a very secure replacement for BIND.

By hiding out DNS server version number you can improve server security. fpdns is a program that remotely determines DNS server versions. It does this by sending a series of borderline DNS queries which are compared against a table of responses and server versions. (just like nmap command's remote OS detection facility).

A nameserver basically responds to a query. Interoperability is an obvious requirement here. The standard protocol behavior of different DNS implementations is expected to be the same.

In this tutorial I will describe how to install and configure MyDNS and MyDNSConfig on Fedora 8. MyDNS is a DNS server that uses a MySQL database as backend instead of configuration files like, for example, Bind or djbdns. The advantage is that MyDNS simply reads the records from the database, and it does not have to be restarted/reloaded when DNS records change or zones are created/edited/deleted. A secondary nameserver can be easily set up by installing a second instance of MyDNS that accesses the same database or, to be more redundant, uses the MySQL master / slave replication features to r

This tutorial shows how to set up a CentOS 5.1 based server that offers all services needed by ISPs and web hosters: Apache web server (SSL-capable), Postfix mail server with SMTP-AUTH and TLS, BIND DNS server, Proftpd FTP server, MySQL server, Dovecot POP3/IMAP, Quota, Firewall, etc.

This tutorial shows how to set up an Ubuntu Gutsy Gibbon (Ubuntu 7.10) based server that offers all services needed by ISPs and hosters: Apache web server (SSL-capable), Postfix mail server with SMTP-AUTH and TLS, BIND DNS server, Proftpd FTP server, MySQL server, Courier POP3/IMAP, Quota, Firewall, etc. This tutorial is written for the 32-bit version of Ubuntu Gutsy Gibbon, but should apply to the 64-bit version with very little modifications as well.

This is a detailed description about how to set up an OpenSUSE 10.3 server that offers all services needed by ISPs and hosters: Apache web server (SSL-capable), Postfix mail server with SMTP-AUTH and TLS, BIND DNS server, Proftpd FTP server, MySQL server, Dovecot POP3/IMAP, Quota, Firewall, etc. This tutorial is written for the 32-bit version of OpenSUSE 10.3, but should apply to the 64-bit version with very little modifications as well.

DNS server can be attacked using various techniques such as:
[a] DNS spoofing

[b] Cache poisoning

[c] Registration hijacking

One of the simplest ways to defend is limit zone transfers between nameservers by defining ACL. I see many admin allows BIND to transfer zones in bulk outside their network or organization. There is no need to do this. Remember you don't have to make an attacker's life easier.

Restricting zone transfers with IP addresses in BIND DNS Server

This tutorial shows how to set up a Gentoo 2007.0 based server that offers all services needed by ISPs and hosters: Apache web server (SSL-capable), Postfix mail server with SMTP-AUTH and TLS, BIND DNS server, Proftpd FTP server, MySQL server, Courier POP3/IMAP, Quota, Firewall, etc. This tutorial is written for the x86 version of Gentoo 2007.0, but should apply to other architectures with very little modification.

This tutorial will guide you through the installation and configuration of Lintrack, a GNU/Linux distribution specialized in networking tasks. We will give two LANs access to the internet along with DHCP and DNS cache servers, and then we will connect our networks using OpenVPN in bridging mode. You should be running all these in well under an hour, thanks to the unified configuration interface of Lintrack.

Building a local DNS cache will speed up your internet connection since the time for the translation job (converting domain names into IP addresses) will become negligible with the assumption that the DNS cache gets the information from the parent DNS.