• Disable DNS daemon on any system
• Apply all vendor patches
• Hide "Version String" to complicate automated scans and attacks
• Permit zone transfers only to secondary DNS in your domain
• Chroot DNS http://www.losurs.org/docs/howto/Chroot-BIND.html
• Disable recursion and glue fetching to defend against DNS cache poisoning
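
An added example, not part of the original checklist: a small Python audit that checks the global options block of a BIND named.conf against the items above. The sample configs, the 192.0.2.53 secondary address, and the function names are constructed for illustration; per-zone allow-transfer overrides are not examined.

```python
import re

# Constructed sample configs (not from the page). 192.0.2.53 is a placeholder
# address standing in for the secondary DNS server.
WEAK = """options {
    directory "/var/named";
    allow-transfer { any; };
    recursion yes;
};"""
HARDENED = """options {
    directory "/var/named";
    version "not disclosed";          // hide the version string
    allow-transfer { 192.0.2.53; };   // secondary DNS only
    recursion no;
    fetch-glue no;                    # BIND 8 option; BIND 9 never fetches glue
};"""

def options_body(conf):
    """Return the text inside options { ... } with comments stripped."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    conf = re.sub(r"(//|#).*", "", conf)  # naive: assumes no // or # inside quoted strings
    m = re.search(r"\boptions\s*\{", conf)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(conf) and depth:  # walk to the matching closing brace
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        i += 1
    return conf[m.end():i - 1]

def audit(conf, bind8=False):
    """Check a named.conf against the checklist; return a list of findings."""
    opts = options_body(conf)
    def flag_is_no(name):
        return re.search(r"(?<![\w-])%s\s+(no|false|0)\s*;" % name, opts) is not None
    findings = []
    if not re.search(r'(?<![\w-])version\s+("[^"]*"|none)\s*;', opts):
        findings.append("version string not hidden")
    m = re.search(r"(?<![\w-])allow-transfer\s*\{([^}]*)\}", opts)
    # With no allow-transfer statement, BIND permits transfers to any host.
    acl = [a.strip() for a in m.group(1).split(";")] if m else ["any"]
    if "any" in acl:
        findings.append("zone transfers open to any host")
    if not flag_is_no("recursion"):
        findings.append("recursion enabled")
    if bind8 and not flag_is_no("fetch-glue"):
        findings.append("glue fetching enabled")
    return findings
```

Run audit() on the contents of a named.conf; pass bind8=True only for BIND 8 servers, where glue fetching is on unless disabled.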