
Running BIND with Least Privileges

BIND should be run under a user or group that has the minimum number of rights or privileges on that system. These rights should be just enough for the name server to run. If BIND is running as root and a hacker gets into the system through it, the hacker will get full access to the file system. In addition, the hacker is able to execute any command using the root privileges, which is potentially very dangerous.

Versions 8.1.2 and later of BIND provide the facility to run BIND under another user or group with fewer privileges.

BIND Versions

BIND has been constantly evolving. The newer versions are definitely more secure than their earlier counterparts. It is always recommended to install the latest version of BIND. The administrator should keep track of the latest versions available on the Web at www.isc.org/BIND. At this site, you also can find the list of vulnerabilities of various BIND versions.

It is not desirable to let the hacker know which version of BIND you are using. The version number should be removed so that it cannot be revealed using a version.bind query. This facility is available in Version 8.2 and later.

Transaction Signatures

Transaction Signatures (TSIG) is a security measure implemented in BIND Version 8.2 and above. This concept provides security with flexibility and without compromising on performance.

A TSIG record is added to the DNS message data by the name server. The TSIG is calculated using a one-way hash function. This function computes a hash value based on each and every bit of the message data and a few other fields I will discuss later. The resulting hash value is secure because the function cannot be reversed and the value changes dramatically even with a minor change in the input used for computing it.

The MD5 hashing technique is widely used for storing passwords over the Internet. TSIG uses a modified version of MD5 called HMAC-MD5, which requires a key and computes a 128-bit hash value using the message data and the key as input.

First, the sender and the receiver agree on a secret key, which is used together with the message data to compute the hash value. This secret key has two advantages, as discussed in the following list:

  • It ensures that the message originates from a reliable and expected source.
  • It ensures that the message was not altered after the time it was signed by the sender.

Once the TSIG record and the message are ready, they are sent by the signer. After receiving the signed message, the receiver first removes the TSIG record and checks it. At this point, no data is cached; caching is done only when it is confirmed that the message is genuine. These security measures help in combating hackers who try to attack by capturing authorized (signed) messages and then sending them again at their own convenience.
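The sign-then-verify flow described above, as an added example that is not from the original text and is not BIND's own code: a simplified Python model of a keyed HMAC-MD5 check that rejects altered messages and late re-sends. The key, the message bytes, the field layout, the 300-second window and the result strings are constructed assumptions; this is not the TSIG wire format.

```python
import hashlib
import hmac
import struct

# Constructed sample values (assumptions, not taken from any real server).
KEY = b"constructed-shared-secret"
MESSAGE = b"example.com. IN A 192.0.2.10"
WINDOW_SECONDS = 300  # assumed tolerance between signing time and receipt


def sign(key: bytes, message: bytes, time_signed: int) -> bytes:
    """Return the 128-bit HMAC-MD5 over the message and its signing time.

    The signing time stands in for the extra fields covered by the hash,
    so changing either the message or the time changes the result.
    """
    signed_data = message + struct.pack("!Q", time_signed)
    return hmac.new(key, signed_data, hashlib.md5).digest()


def verify(key: bytes, message: bytes, time_signed: int,
           mac: bytes, now: int) -> str:
    """Check a received message before anything is accepted or cached."""
    expected = sign(key, message, time_signed)
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(expected, mac):
        return "bad signature"
    # A captured message re-sent later still has a valid MAC, so the
    # signing time must also be recent.
    if abs(now - time_signed) > WINDOW_SECONDS:
        return "stale"
    return "ok"


def demo() -> dict:
    """Run the four cases a receiver has to tell apart."""
    t0 = 1_000_000
    mac = sign(KEY, MESSAGE, t0)
    altered = MESSAGE.replace(b"192.0.2.10", b"192.0.2.99")
    return {
        "genuine": verify(KEY, MESSAGE, t0, mac, t0 + 5),
        "altered": verify(KEY, altered, t0, mac, t0 + 5),
        "wrong_key": verify(b"other-key", MESSAGE, t0, mac, t0 + 5),
        "replayed": verify(KEY, MESSAGE, t0, mac, t0 + 3600),
    }


if __name__ == "__main__":
    print(demo())
```

Rewriting the signing time on a captured message to make it look fresh fails the first check, because the time is part of the data covered by the hash.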

TSIG is used for securing zone transactions, queries, responses, and dynamic updates. In BIND 8, the TSIG key is created using the dnskeygen program included with it.