Transactional Security in BIND 9

posted on February 20, 2002
by hitbsecnews

Source: LinuxMag.com

Like most Internet protocols, the Domain Name System (DNS) began its life without many built-in security mechanisms. DNS is, after all, a global, public naming service, so you don't normally care who queries your name server for data in the zones that you are responsible for maintaining.

The Unix world (including Linux) generally used BIND, the Berkeley Internet Name Domain software, to handle the resolution of domain names to IP addresses (and vice versa). Microsoft has its own implementation of a domain name server, first included in Windows NT 4.0 and now shipped in Windows 2000. While neither BIND nor the Microsoft DNS Server was particularly secure, BIND was open source and evolved quickly to include new security mechanisms for countering the malicious attacks that became more prevalent once DNS's vulnerabilities were widely understood.

One of those security mechanisms, first introduced in BIND 8.2, was TSIG (Transaction Signatures). Later, Microsoft released Windows 2000, which uses a dialect of TSIG to secure dynamic updates between Windows 2000 clients and name servers. (Unfortunately, this isn't a dialect spoken by BIND yet, and it's not clear which version will support it. For more information on running BIND in a mixed environment, see the article "The Ties That BIND" (http://www.linux-mag.com/2001-03/bind_01.html) in the March 2001 issue of Linux Magazine.) BIND 9 supports TSIG even more completely, allowing administrators to secure almost any communication between two name servers. The techniques in this article counter a variety of attacks that could render a DNS server unable to do its job.
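As an added illustration (not part of the original article, and not BIND's own documentation), the following named.conf fragment shows how an administrator would use TSIG in BIND 9 to authenticate zone transfers and dynamic updates between two name servers. The key name, the secret, the zone and the addresses are all assumptions; the secret is a constructed placeholder that must be replaced with one generated for real use.

```conf
// Added example, not from the article: TSIG between two BIND 9 servers.
// Key name, secret, zone and addresses are assumed values.
//
// Generate a shared secret, for instance with
//   dnssec-keygen -a HMAC-MD5 -b 128 -n HOST ns1-ns2.example.com.
// and copy the "Key:" value from the resulting .private file into the
// key statement on BOTH servers (over a secure channel, not plain DNS).

// ---- on the primary (ns1, 192.0.2.1) ----
key "ns1-ns2.example.com." {
    algorithm hmac-md5;
    secret "c29tZXJhbmRvbXNlY3JldA==";   // constructed placeholder, replace
};

// Sign every message sent to the secondary with this key.
server 192.0.2.2 {
    keys { "ns1-ns2.example.com."; };
};

zone "example.com" {
    type master;
    file "example.com.zone";
    // Only requests carrying a valid signature under this key may transfer
    // the zone; an unsigned request from 192.0.2.2's address is refused.
    allow-transfer { key "ns1-ns2.example.com."; };
    // Dynamic updates are accepted only when signed with the same key.
    allow-update { key "ns1-ns2.example.com."; };
};

// ---- on the secondary (ns2, 192.0.2.2) ----
key "ns1-ns2.example.com." {
    algorithm hmac-md5;
    secret "c29tZXJhbmRvbXNlY3JldA==";   // identical secret to ns1
};

// Sign every message sent to the primary (NOTIFY responses, AXFR/IXFR
// requests) with this key.
server 192.0.2.1 {
    keys { "ns1-ns2.example.com."; };
};

zone "example.com" {
    type slave;
    masters { 192.0.2.1; };
    file "example.com.bak";
};
```

Two operational points follow from how TSIG works. Because the signature covers a timestamp and the receiver rejects messages outside a fudge window (300 seconds by default in BIND), both servers' clocks need to be kept in sync, or transfers will start failing with a TSIG time error. And since the `allow-transfer` and `allow-update` lists name the key rather than an address, the protection does not depend on source IP addresses, which is precisely the property that makes it resistant to spoofed transfer and update requests. Run `named-checkconf` after editing to catch syntax mistakes before reloading.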

Tags: Networking
