Domain Name Services

• Disable DNS daemon on any system
Apply all vendor patches
Hide ¡±Version String¡± to complicate automated scans and attacks
Permit zone transfers only to secondary DNS in your domain
Chroot DNS http://www.losurs.org/docs/howto/Chroot-BIND.html
Disable recursion and glue fetching to defend against DNS cache poisoning