Ping a Specific Port

Question

user192702

Asked: 2014-01-26 18:26:10 +0800 CST2014-01-26 18:26:10 +0800 CST 2014-01-26 18:26:10 +0800 CST

Do I have to secure bind.keys for BIND 9?

772

just realized after installing bind-9.9.4-P2, there is a ./etc/bind.keys file already installed. I have looked at their explanation here but have no clue what this is for still.

Can someone please let me know if I need to secure this key also by making it only readable by root, similar to how I'd do the same for the rndc.conf file?

1 Answers

Voted

voretaq7 · Answer 1 · 2014-01-26T19:56:24+08:00

voretaq7

2014-01-26T19:56:24+08:002014-01-26T19:56:24+08:00

There is nothing "sensitive" in the bind.keys file that you would need to secure so that it cannot be read by normal users - it contains "trust anchors" for DNSSEC (the initial data used to validate the root zone, and for DLV).

You should however ensure that the file is not WRITABLE by regular users (or the user BIND runs as) - in fact there is no need for the file to be writable at all. It should not need updating frequently (if at all), and should you need to replace it you can do so as root.

1

Do I have to secure bind.keys for BIND 9?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?