LPIC-2 207.3 Securing a DNS server

• Weight: 2
• Description: Candidates should be able to configure a DNS server to run as a non-root user and run in a chroot jail. This objective includes secure exchange of data between DNS servers.

Key Knowledge Areas

• BIND 9 configuration files
• Configuring BIND to run in a chroot jail
• Split configuration of BIND using the forwarders statement
• Configuring and using transaction signatures (TSIG)
• Awareness of DNSSEC and basic tools

Terms and Utilities

• /etc/named.conf
• /etc/passwd
• DNSSEC
• dnssec-keygen
• dnssec-signzone