Securing the BIND DNS server


Two articles have been written; updates focus on the v9 paper:

  1. Hardening BIND v8: bind_hardening8.html
  2. Running BIND v9 DNS Server securely: bind9_20010430.html

The BIND v9 paper walks through compiling, installing and configuring a chroot'ed BIND v9 on Solaris 2.6 and 8. It also presents examples of advanced topics such as TSIGs and dynamic updates. It is specific to version 9 but aims to help existing BIND 8 administrators understand what is involved in migrating to v9.

Although originally written in 2001, the information may still be relevant to you: I do update it now and again due to positive feedback and to document some Solaris servers I still have running productively.

If starting from scratch now, I'd probably use Ubuntu LTS as the base OS and use the standard packages and automated updates :-)