It is preferable to run the DNS server installation process with the YaST tool. For details on the DNS Server installation process, see Section 11.0, Installing and Configuring DNS
During the DNS server installation ensure that the Use secure channel for configuration option is selected. This ensures that the authentication mechanism is secured.
To load novell-named with the -t (chroot) option, make sure that the following directories are created under the chroot directory with permissions to the user specified with the -u option:
The configuration file directory - /etc/opt/novell/named
The log file directory - /var/opt/novell/log/named
The pid directory - /var/opt/novell/run/named
By default novell-named is loaded by using the existing non-root user, which is named. You should load novell-named with the -u<non-root user> option.
It is recommended to load named with a log level specific for your needs. For more details, see Section 13.3, novell-named Command Line Options
You should configure Apparmor profiles for novell-named according to your needs. The default profile is stored at /etc/apparmor.d/opt.novell.named.bin.novell-named and includes only minimal configuration.
After making changes to the profile, reload Apparmor with the rcapparmor command.
Zone security factors: To secure DNS, BIND provides different options. This includes IP-based access control and secure queries using Keys (recommended). The allow-query option is used to restrict queries to a particular set of hosts or keys.
For non-authoritative zones (zones not served by the server, so the responses are cached), restrict the query access at the server level (using allow-query) to your own network.
For authoritative zones (zones served by the server), access can be restricted either to your local network or to any other network.
NOTE:Restrict DNS zone transfers to only the servers that absolutely need it.