DNS Security Considerations and the Alternatives to BIND

This paper discusses important considerations regarding DNS Security. Due to the continuous break-ins to BIND 8 (one of the most popular choice of DNS server) in the past, this paper proposes either (a) securing your BIND 8 by running as an unprivileged user with chrooting into jail, (b) upgrading to BIND 9 and securing it running as an unprivileged user with chrooting into jail or (c) switch to using other alternatives. By the end of this paper, the reader will have some ideas on a more secure implementation of the DNS server.