Question : How can I build a secure bind server that just forwards

I would like to create a Linux server that only runs bind and the only thing it does is forwards DNS to other DNS IP addresses. So basically user has their DNS set to the public IP of this DNS server which when hit sends all requests to another DNS server IP.

Can someone provide some direction on this, I have a decent amount of Linux experience but my bind knowledge is limited.

Answer : How can I build a secure bind server that just forwards

Also make sure you install an absolute bare-bone system. After installing, do a check to see what ports have services on them:

netstat -nlp |more

Uninstall everything that's listening on a port other than bind (and ssh if you wish).

Also uninstall any compilers such as gcc g++ etc to make it harder for a potential hacker to compile his tools. Try running bind in a chroot jail:

http://www.falkotimme.com/howtos/debian_bind_chroot/
http://tldp.org/HOWTO/Chroot-BIND-HOWTO.html

As you can see, your focus will be more on securing the box itself than securing bind. You can rest assured that bind 9 is in its own right a rather secure beast and for forwarding-only servers there's not THAT much that you can do. The 3 or 4 things mentioned in the doc provided before is about it.

Random Solutions

How can I extend a TMobile Hotspot's range

Missing Expression at sql statement

554 - Relaying Error

What objects have special permissions on Oracle Application Server?

How to add reverse DNS entry for a second email STMP server and second ip?

Network computer disappears

Using Cisco 2600 Routers with Point-to-Point T1's & now changing T1 circuit providers, but new circuits don't work w/routers... HELP!

CNAME Domain redirection fails - BIND 9

Cisco Catalyst 3550 24 port