Restrict Access to All Key Files – permissions
Details The TSIG keys should be readable only by the named and root accounts. No other user accounts or groups...
- Home
- Security Hardening
- CIS Bind DNS V3.0.1 Caching Only Name Server
CIS Bind DNS V3.0.1 Caching Only Name Server
Restrict Access to All Key Files – user root/named
Details The TSIG keys should be readable only by the named and root accounts. No other user accounts or groups...Restrict Access to All Key Files – group root/named
Details The TSIG keys should be readable only by the named and root accounts. No other user accounts or groups...Restrict Queries of the Cache – Caching Only
Details The BIND option allow-query-cache may be used to restrict or allow BIND to provide answers to queries from the...Restrict Query Origins
Details BIND can be configured to restrict access to its query services based on source IP address. It is recommended...Restrict Recursive Queries – Caching Name Server
Details A recursive DNS query is your typical DNS query from a client to a caching DNS server. It places...Run BIND as a non-root User – process -u named
Details To start BIND you must execute it as the root user. After the initial startup, BIND has the ability...Run BIND as a non-root User – UID
Details To start BIND you must execute it as the root user. After the initial startup, BIND has the ability...Securely Authenticate Zone Transfers
Details A zone transfer is a mechanism commonly used by DNS deployments to replicate zone information from master/primary servers to...Set Group and Other Permissions Read-Only for All BIND Files
Details All the files in BIND home and run time directories should have group and other permissions set to not...