Hardening BIND with chroot and providing better security measures
In this recipe we will learn how to harden the basic installation of BIND with a chroot (change root) environment and providing better security measures.
BIND is a service that is in constant communication with the Internet at large and for this reason it remains vulnerable to abuse. Securing BIND can be difficult, but it is the purpose of this recipe to provide a series of configuration changes that will make your server much harder to compromise.
Getting ready
To complete this recipe you will require a working installation of the CentOS 6 operating system with root privileges, a static IP address, and a console-based text editor of your choice. An Internet connection will be required in order to install additional packages. Moreover, it will be assumed that you have already installed BIND as a result of the advice provided by a previous recipe found within this chapter (see Building a caching-only nameserver with BIND).
If you...