The functionality of the Stealth name server was previously described. The following diagram illustrates the conceptual view of a Stealth (a.k.a. Split) DNS server system.
Figure 6.1 Split/Stealth Server configuration
The key issue in a 'Stealth' (a.k.a. Split) DNS system is that there is a clear line of demarcation between the 'Internal' Stealth server(s) and the 'External' or Public DNS server(s). The primary difference in configuration is that the 'Stealth' servers provide a comprehensive set of services to internal users, including caching and recursive queries, and would be configured as a typical Master DNS, while the External server provides limited services and would typically be configured as an Authoritative Only DNS server.
There are two critical points:
The zone file for the 'Stealth' server will contain both public and private hosts, whereas the 'Public' server's master zone file will contain only public hosts.
To preserve the 'Stealth' nature it is vital that the PUBLIC DNS configuration does not include options such as 'master', 'allow-notify', 'allow-transfer', etc. with references to the IP of the 'Stealth' server. If the Stealth server's IP were to appear in the Public DNS server's configuration and that server's file system were to be compromised, the attacker could gain more knowledge about the organisation: they could penetrate the 'veil of privacy' by simply inspecting the 'named.conf' file.
There are a number of articles which suggest that the view statement may be used to provide similar functionality using a single server. This does not address the problem of the DNS host system being compromised and additional data about the organisation being discovered by simple 'named.conf' file inspection. In a secure environment 'view' does not provide a 'Stealth DNS' solution if there is any possibility that a filesystem compromise can happen.
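The two points above both come down to one check on the public server's named.conf: no 'masters', 'allow-transfer', 'allow-notify' or similar statement may name the internal Stealth server, and recursion should be off on an Authoritative Only server. The following script is an added example, not part of the original article or of BIND; it audits a named.conf text for exactly those two conditions. The sample configurations and the 192.168.10.5 address are constructed for illustration; by default any RFC 1918 address is treated as internal, or a known set of Stealth addresses can be passed in.

```python
"""Audit a public (external) named.conf for references to the internal
'Stealth' server and for recursion being left on.
Added example; sample configs and addresses below are constructed."""
import ipaddress
import re

# Statements that carry peer addresses and would reveal the stealth server.
# 'primaries' is the newer BIND 9 spelling of 'masters'.
PEER_STATEMENTS = ("masters", "primaries", "allow-transfer",
                   "allow-notify", "also-notify")

_COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
_STATEMENT_RE = re.compile(
    r"\b(" + "|".join(PEER_STATEMENTS) + r")\b\s*(?:port\s+\d+\s*)?\{([^}]*)\}",
    re.I)
_IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed: a leaky public config that names the internal stealth server.
# It also omits 'recursion', so BIND's default (recursion yes) applies.
LEAKY_NAMED_CONF = """
options {
    directory "/var/named";
    allow-transfer { 192.168.10.5; };   // internal stealth server exposed here
};
zone "example.com" {
    type slave;
    masters { 192.168.10.5; };          // and here
    file "slaves/example.com";
};
"""

# Constructed: the corrected authoritative-only public config.
CLEAN_NAMED_CONF = """
options {
    directory "/var/named";
    recursion no;
    allow-transfer { none; };
};
zone "example.com" {
    type master;
    file "master/example.com";
};
"""


def strip_comments(conf: str) -> str:
    """Remove /* */, // and # comments so commented-out lines are ignored."""
    return _COMMENT_RE.sub("", conf)


def find_stealth_references(conf: str, internal=None):
    """Return (statement, address) pairs where a peer statement names an
    internal address. 'internal' is an optional set of known stealth
    addresses; when empty, any RFC 1918 (private) address counts."""
    internal = {ipaddress.ip_address(a) for a in (internal or ())}
    hits = []
    for stmt, body in _STATEMENT_RE.findall(strip_comments(conf)):
        for raw in _IPV4_RE.findall(body):
            try:
                addr = ipaddress.ip_address(raw)
            except ValueError:
                continue
            if addr in internal or (not internal and addr.is_private):
                hits.append((stmt.lower(), str(addr)))
    return hits


def recursion_enabled(conf: str) -> bool:
    """True unless the config explicitly sets 'recursion no'; BIND's
    default is recursion yes, so an absent statement also counts as on."""
    m = re.search(r"\brecursion\s+(yes|no)\s*;", strip_comments(conf), re.I)
    return m is None or m.group(1).lower() == "yes"


def audit_public_conf(conf: str, internal=None) -> dict:
    """Summarise both checks for a public/external server's named.conf."""
    return {"stealth_references": find_stealth_references(conf, internal),
            "recursion": recursion_enabled(conf)}


if __name__ == "__main__":
    for name, conf in (("leaky", LEAKY_NAMED_CONF), ("clean", CLEAN_NAMED_CONF)):
        print(name, audit_public_conf(conf))
```

Run the script against the public server's real named.conf (read the file into `conf`) as part of a configuration review; any entry in `stealth_references` or a `recursion` value of True means the external server is not the Authoritative Only, Stealth-preserving configuration the text describes.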