Securing the BIND DNS server
Two articles have been written; the focus of updates is on the v9 paper:
- Hardening BIND v8: bind_hardening8.html
- Running BIND v9 DNS Server securely: bind9_20010430.html
The BIND v9 paper walks through compiling, installing and configuring a chroot'ed BIND v9 on Solaris 2.6 and 8. It also presents examples of advanced topics such as TSIGs and dynamic updates. It is specific to version 9 but aims to help existing BIND 8 administrators realize what is involved in migrating to v9.
Although originally written in 2001, the information may still be relevant to you. I no longer have productive Solaris servers - everything is on Linux these days.
- If installing BIND from scratch now, I'd suggest using firewalled Debian or Ubuntu LTS as the base OS with the standard packages and regular updates.
- I've used several products in the years since the articles above were written: products like PowerDNS with its DB backends for more complex sites and dnsmasq for smallish organisations.
- More recent reading: Wikipedia, The Measurement Factory; the O'Reilly book has been updated for IPv6 too.