inside the mind of a linux admin

how to force SSL without .htaccess redirects

There are instances where a full .htaccess redirect rule is not the best solution, specifically when only a single page needs to be encrypted. This may occur during PCI compliance scans which report an insecure login page. In this example, simply adding the following code to the header of the SSL-desired page will force it […]


how to disable recursive queries in bind

By default, bind will allow recursive queries for lookups on other domains that are not master zones on the name server. This presents some PCI compliance issues and some informational vulnerabilities (allowing third parties to query the nameserver). It is important to restrict who can perform DNS queries, in addition to what is allowed to […]


DNS Zones and Serial Numbers 101

Recently, there have been a few instances I’ve come across where DNS updates have been “stuck” or broken due to people screwing up the zone serial numbers. The fields of the zone’s SOA resource record, in particular the “serial number”, determine whether an actual data transfer need occur at all. The name servers compare the serial […]
