for those of you still using bind 4.9 (lets hear it for openbsd!) How do you secure your nameserver against all the nasty things that people can do? For that matter, do you actively secure it, or just set it up to work and forget about it?
basically i have a name server and want only some of the entries to be available to outsiders (mostly aliases for the same machine). the rest of them i want for internal people only. I know bind 8 and 9 have more advanced security features, but i dont want to deal with the more complex config (and possible security problems). i've skimmed through my oreilly book on the topic, but i havent spent the time to really read it in-depth. there is no easy way out unfortunately.
basically i have a name server and want only some of the entries to be available to outsiders (mostly aliases for the same machine). the rest of them i want for internal people only. I know bind 8 and 9 have more advanced security features, but i dont want to deal with the more complex config (and possible security problems). i've skimmed through my oreilly book on the topic, but i havent spent the time to really read it in-depth. there is no easy way out unfortunately.
