You want a secure and fast DNS server that must also be quickly accessible remotely.

You want a secure and fast DNS server that must also be quickly accessible remotely. You should:

A. Reject all UDP packets.

B. Reject all ICMP packets.

C. Reject all ICMP untrusted-host packets.

D. Disable inetd, run ssh and named as standalone daemons.

E. Use tcpwrappers to only allow connections to ports 22 and 53.

Explanation:
If you want a dedicated DNS server that must be accessible remotely, you should run named and sshd as standalone services, not under inetd (or xinetd).
+ tcpwrappers cannot block connections to specific ports ???


