ReD-BaRoN Apprentice
Joined: 06 Feb 2004 Posts: 208
Posted: Tue Nov 14, 2006 2:31 am Post subject: Bind: Do I need rndc running?
I'm trying to secure my system, and looking to close as many ports as possible. I don't remember ever using rndc, yet bind opens up this socket. Do I need rndc running? If not, how do I prevent it from starting?
Thanks!
rorin Retired Dev
Joined: 14 Mar 2004 Posts: 29 Location: Maine, USA
Posted: Tue Nov 14, 2006 2:49 pm Post subject:
You don't have to have rndc enabled, but it's fairly easy to lock down and there's a good chance that your init scripts use it to control bind.
/etc/bind/named.conf
Code:
// The key statement has to be visible to named.conf, and the name inside
// keys { } must match the name given in that key statement.
include "/etc/bind/rndc.key";
controls {
        inet 127.0.0.1 port 54 allow { localhost; } keys { "rndc-key"; };
};
This means that rndc will only listen to port 54 on the localhost and will only allow the localhost to connect. I suppose you could have it listen on a different port and firewall that off if you wanted to be paranoid.
/etc/bind/rndc.key
Code:
key "rndc-key" {
        algorithm hmac-md5;
        // base64 shared secret; keep this file readable by its owner only
        secret "<Some random ASCII Garbage>";
};
The above file contains the key and should be chmod'ed 600 so only the owner can read/write.
-Justin