Skip to main content
LPIC-2 Exam 202

LPIC-2 207.3 Securing a DNS server

By March 12, 2014No Comments
  • Weight: 2
  • Description: Candidates should be able to configure a DNS server to run as a non-root user and run in a chroot jail. This objective includes secure exchange of data between DNS servers.

Key Knowledge Areas

  • BIND 9 configuration files
  • Configuring BIND to run in a chroot jail
  • Split configuration of BIND using the forwarders statement
  • Configuring and using transaction signatures (TSIG)
  • Awareness of DNSSEC and basic tools

Terms and Utilities

  • /etc/named.conf
  • /etc/passwd
  • DNSSEC
  • dnssec-keygen
  • dnssec-signzone