DNS Configuration and Management Manual (G06.27+, H06.05+, J06.03+)
Contents
HP DNS Configuration and Management Manual—529432-003
ii
2. BIND 9.x on the NonStop Server (continued)
2. BIND 9.x on the NonStop Server (continued)
DNS Tools and Utilities (continued)
named-bootconf 2-12
nsupdate 2-12
DNS Security Extensions (DNSSEC) Tools 2-13
IPv6 Address Support 2-14
Application Programmatic Interface (API) for DNS 2-17
3. DNS Configuration on the NonStop Server
Starting the named Demon 3-1
Using the Lightweight Resolver 3-1
Lightweight Resolver demon 3-2
Compiling Existing DNS Applications to Use the Lightweight Resolver Library 3-2
Understanding DNS Security Threats 3-3
Local Threats 3-4
Zone Transfer Threat 3-5
Dynamic Update Threat 3-6
Remote Query Threat 3-7
Remote Caching Corruption Threat 3-8
Implementing DNS Security Solutions 3-8
Use ACLs 3-9
Conceal the BIND Version 3-15
Protect the Configuration File: Restrict the Privilege of named and Run It in a
chroot-jail 3-15
Use TSIG 3-16
Configure Views 3-18
Use Firewalls and a Bastion Host
3-19
Use Public Key Cryptography: DNSSEC
3-20
Managing Persistence for the named Process 3-22
Configuring the named Process as a Persistent Process 3-22
Stopping the named Process as a Persistent Process 3-23
Specifying a TCP/IP Process by Using a Runtime Option 3-23
Specifying a Different resolv.conf File 3-23
Specifying Multiple Names in the Resolver by Using Sections 3-24
Tips and Important Tasks 3-26