Set Group and Other Permissions Read-Only for BIND Non-Runtime Directories – ‘group’ permissions
Details: All the BIND directories except the run-time directories into which BIND will create files should have group and other...

Set Group and Other Permissions Read-Only for BIND Non-Runtime Directories – ‘other’ permissions
Details: All the BIND directories except the run-time directories into which BIND will create files should have group and other...

Set Group named or root for BIND Directories and Files
Details: All the BIND directories and files should have a group of either named or root. Rationale: In general the...

Set root Ownership of BIND Configuration Files
Details: The configuration files in the ISC BIND directories should be owned by root. Of course, any files created at...

Set root Ownership of BIND Directories
Details: All of the directories under which ISC BIND runs should be owned by root. Of course, any files created...

Use a Split-Horizon Architecture
Details: Running a Split-Horizon DNS architecture refers to running authoritative DNS servers and services for external DNS queries separate from...

Use Secure Upstream Caching DNS Servers
Details: Caching name servers often forward queries to another caching name server to allow the name service work to be...

Use TSIG Keys 256 Bits in Length
Details: The TSIG secret keys used by the name server should be generated from a good source of entropy and...

Use Unique Keys for Each Pair of Hosts – unique keys
Details: A unique TSIG key should be used for each pair of communicating hosts. For example if there is one...

Use Unique Keys for Each Pair of Hosts – unique secret
Details: A unique TSIG key should be used for each pair of communicating hosts. For example if there is one...