Discuss mailing list

[Dale <dweide9 AT aim.com>]

Hi all,

I'm sure this subject has been touched on before, but since I am not using my spare computer as a webserver now & have a static ip, I would like to put it to use on OpenNIC as a Tier 2 DNS. Therefore, I wanted to see how you all feel about the security measures I put in place. Besides the basics of running the latest addition of Ubuntu server (my linux flavor of choice, since I am comfortable with the desktop version on my other computer), only installing needed software, keeping up to date on security patches, & securing grub, I had also incorporated the following for my webserver:

1. set uncomplicated firewall to deny all, then only open needed ports. 

2. using chkrootkit/rkhunter

3. using apparmor (+profiles)

4. using apache mod_security, mod_evasive & mod_qos

5. using logcheck /portsentry

6. Had used webserver security testing apps, i.e. nikto & w3af, but not sure what is out there for DNS

 

So, please let me know if you think what I am using is adequate, if anything else is essential, & what are good DNS security testing apps. I want to make sure things are as secure as possible before going live.

Thanks,

Dale