ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvtcpsecdns.htm


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Secure the DNS server" />
<meta name="abstract" content="This article provides recommendations for securing the DNS server." />
<meta name="description" content="This article provides recommendations for securing the DNS server." />
<meta name="DC.Relation" scheme="URI" content="rzamvtcpdns.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="tcpsecdns" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Secure the DNS server</title>
</head>
<body id="tcpsecdns"><a name="tcpsecdns"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Secure the DNS server</h1>
<div><p>This article provides recommendations for securing the DNS server.</p>
<p>The following are security considerations for running DNS on your
system:</p>
<ul><li>The function that the DNS server provides is IP address translation and
name translation. It does not provide any access to objects on your system.
Your risk when an outsider accesses your DNS server is that the server provides
an easy way to view the topology of your network. Your DNS might save a hacker
some effort in determining the addresses of potential targets. However, your
DNS does not provide information that will help to break into those target
systems.</li>
<li>Typically, you use the DNS server for your intranet. Therefore, you probably
do not need to restrict the ability to query the DNS. However, you
might, for example, have several subnetworks within your intranet. You might
not want users from a different subnetwork to be able to query the DNS on
your system. A security option of DNS lets you limit access to a primary domain.
Use iSeries™ Navigator
to specify IP addresses to which the DNS server should respond.<p>Another
security option lets you specify which secondary servers can copy information
from your primary DNS server. When you use this option, your server will accept
zone transfer requests (a request to copy information) only from the secondary
servers that you explicitly list.</p>
</li>
<li>Be sure to carefully restrict the ability to change the configuration
file for your DNS server. Someone with malicious intent could, for example,
change your DNS file to point to an IP address outside your network. They
could simulate a server in your network and, perhaps, gain access to confidential
information from users that visit the server.</li>
</ul>
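<p>The following is an added example, not part of the original article and not IBM code. It audits a DNS configuration for primary zones that have no effective query or zone-transfer restriction, the two access options described above. It assumes the configuration is available in BIND named.conf syntax with the <code>allow-query</code> and <code>allow-transfer</code> options; the sample zones and addresses are constructed.</p>

```python
import re

# Constructed sample in BIND named.conf syntax (assumed format, not from the page).
SAMPLE_CONF = '''
options { directory "/constructed/path"; };
zone "corp.example" { type master; allow-query { 10.1.0.0/16; };
                      allow-transfer { 10.1.1.2; 10.1.1.3; }; };
zone "lab.example" { type master; allow-transfer { any; }; };
zone "cache.example" { type slave; masters { 10.1.1.1; }; };
'''

def block_after(text, start):
    """Return the contents of the first balanced brace block at or after start."""
    open_pos = text.index("{", start)
    depth = 0
    for i in range(open_pos, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_pos + 1:i]
    raise ValueError("unbalanced braces")

def acl(body, option):
    """Address list given for option in body, or None when the option is absent."""
    m = re.search(r"\b" + re.escape(option) + r"\s*\{([^}]*)\}", body)
    return None if m is None else [a.strip() for a in m.group(1).split(";") if a.strip()]

def audit(conf):
    """List (zone, option, problem) for primary zones with no effective restriction."""
    conf = re.sub(r"(#|//)[^\n]*", "", conf)  # drop line comments so disabled ACLs do not count
    opts = re.search(r"\boptions\s*\{", conf)
    global_body = block_after(conf, opts.start()) if opts else ""
    findings = []
    for zone in re.finditer(r'\bzone\s+"([^"]+)"', conf):
        body = block_after(conf, zone.end())
        if not re.search(r"\btype\s+(master|primary)\s*;", body):
            continue  # this audit covers zones for which the server is primary
        for option in ("allow-query", "allow-transfer"):
            hosts = acl(body, option)
            if hosts is None:
                hosts = acl(global_body, option)  # zone setting overrides the global one
            problem = "not set" if hosts is None else "any" if "any" in hosts else None
            if problem:
                findings.append((zone.group(1), option, problem))
    return findings

print(audit(SAMPLE_CONF))
```

<p>A "not set" result for <code>allow-query</code> is a prompt to review rather than an error, since an intranet-only server may not need a query restriction.</p>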
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvtcpdns.htm" title="These articles discuss methods for securing the DNS server for authorized users and preventing access to the DNS server.">Security considerations for using DNS server</a></div>
</div>
</div>
</body>
</html>