Setup guide

UNCLASSIFIED
4. Securing Network Services
Mac OS X Server includes software packages to provide many network services,
many of which are based on open-source projects. Although Apple provides
configuration tools, completely and securely configuring many of these packages
demands familiarization with their project documentation.
4.1 Securing the DNS Service
Mac OS X Server includes an installation of BIND 9.2 (Berkeley Internet Name
Daemon) for use as domain name server software. First, the DNS server software
should be deactivated if the system is not intended to be a DNS server. Second, some
DNS server security configuration is possible through the Server Admin program,
and is explained in this chapter. However, detailed setup and secure configuration of
the BIND name server is beyond the scope of this document. The following
references provide detailed information about tailoring your DNS server to your
specific needs:
“Mac OS X Server Network Services Administration for version 10.3 or later.”
http://www.apple.com/support/server
DNS and BIND, 4th Edition. Paul Albitz, Cricket Liu. O’Reilly and Associates.
http://www.oreilly.com/catalog/dns4/index.html
Securing an Internet Name Server. Cricket Liu.
http://www.linuxsecurity.com/resource_files/server_security/securing_an_internet_name_server.pdf
FreeBSD Handbook (DNS Section).
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-dns.html
4.1.1 Disable the DNS Service
To disable the DNS service:
1. Open Server Admin.
2. Click DNS in the list for the server you’re configuring.
3. Verify that the top of the window says “DNS Service is: Stopped.” If not,
click the “Stop Service” button.
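A network-level check to back up step 3, given here as an added example that is not part of the original guide: it sends one DNS query to UDP port 53 and attempts a TCP connection to port 53, so a stopped service shows up as no answer on either. It also reports the RA flag, which shows whether a responding server offers recursion. Python 3 on an administration workstation and the sample query name example.com are assumptions.

```python
import socket
import struct
import sys

TXID = 0x1234  # arbitrary transaction ID used to match the reply

def build_query(name="example.com"):
    """Minimal DNS query: one question, type A, class IN, RD bit set."""
    header = struct.pack("!HHHHHH", TXID, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def probe_dns(host, port=53, timeout=2.0):
    """Return (udp_answers, tcp_open, recursion_available).

    With the DNS service stopped, the expected result is (False, False, None).
    """
    udp_answers, ra = False, None
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(), (host, port))
            data, _ = s.recvfrom(512)
            if len(data) >= 12:
                txid, flags = struct.unpack("!HH", data[:4])
                # Count it only if it echoes our ID and has the QR (response) bit.
                if txid == TXID and flags & 0x8000:
                    udp_answers, ra = True, bool(flags & 0x0080)
        except OSError:  # timeout or ICMP port unreachable: nothing answered
            pass
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        tcp_open = s.connect_ex((host, port)) == 0  # DNS also listens on TCP 53
    return udp_answers, tcp_open, ra

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    udp, tcp, ra = probe_dns(target)
    if udp or tcp:
        print(f"{target}: DNS still reachable (udp={udp}, tcp={tcp}, RA={ra})")
        sys.exit(1)
    print(f"{target}: no DNS listener found on port 53")
```

Run it against the server's address from another host on the same network; a non-zero exit status means something is still answering on port 53.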
4.1.2 Basic Security Settings
If the system will be used as a DNS server, some basic security settings can be
configured using Server Admin. Unless your site requires them, turn off Zone
Transfers and recursive DNS queries as follows:
1. Open Server Admin.
2. Click DNS in the list for the server you’re configuring.