1. Setting up and configuring a BIND DNS server

BIND is a feature-rich DNS server that is fully compliant with the Internet Engineering Task Force (IETF) DNS standards and draft standards. For example, administrators frequently use BIND as:

• Caching DNS server in the local network
• Authoritative DNS server for zones
• Secondary server to provide high availability for zones

1.1. Considerations about protecting BIND with SELinux or running it in a change-root environment

To secure a BIND installation, you can:

• Run the named service without a change-root environment. In this case, SELinux in enforcing mode prevents exploitation of known BIND security vulnerabilities. By default, Red Hat Enterprise Linux uses SELinux in enforcing mode.Run the named-chroot service in a change-root environment.
  Using the change-root feature, administrators can define that the root directory of a process and its sub-processes is different to the / directory. When you start the named-chroot service, BIND switches its root directory to /var/named/chroot/. As a consequence, the service uses mount --bind commands to make the files and directories listed in /etc/named-chroot.files available in /var/named/chroot/, and the process has no access to files outside of /var/named/chroot/.
• If you decide to use BIND:
• In normal mode, use the named service.
• In a change-root environment, use the named-chroot service. This requires that you install, additionally, the named-chroot package.

Waiting to update...