Question about DNSSEC

Barry Margolin barmar at genuity.net
Thu Jun 22 15:35:08 UTC 2000


In article <49256906.003044AB.00 at mail.dacomst.com>,  <scyoon at dacom.net> wrote:
>     I have some questions about DNSSEC.
>     I know that BIND supports options, such as 'allow-query', 'key',
>      and 'allow-transfer', for the security.

Allow-query and allow-transfer have nothing to do with DNSSEC.  DNSSEC is a
set of cryptographic mechanisms in the protocol to enable authentication of
DNS data and prevent DNS spoofing and cache pollution (the 'key' option is
part of this, to set the encryption key).

>     But, I'm wondering which case 'allow-query' is used at and how many
>     systems are using these options at real networks.
>     Is it usual?

Allow-query is usually used by organizations running caching servers so
that they allow only their own users to use them.  This prevents people
outside their network from stealing their service.

-- 
Barry Margolin, barmar at genuity.net
Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
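
The restriction described in the reply, written out as a named.conf fragment. This is an added example, not part of the original post; the ACL name, networks, zone name and file name are constructed placeholders.

```conf
// Constructed example: addresses, zone and file names are placeholders.
acl "trusted" {
    127.0.0.1;
    192.0.2.0/24;        // the organization's own client network
};

options {
    // The default for allow-query is any host. Listing only the
    // organization's own networks keeps outside clients off the
    // caching server.
    allow-query { "trusted"; };

    // Zone transfers are controlled separately from ordinary queries.
    // Refuse them globally and open them per zone where needed.
    allow-transfer { none; };
};

// A zone this server is authoritative for still has to answer the
// whole Internet, so the zone-level allow-query overrides the global
// restriction for this zone only.
zone "example.com" {
    type master;
    file "db.example.com";
    allow-query { any; };
    allow-transfer { 192.0.2.53; };   // the zone's secondary server
};
```

Neither statement signs or validates DNS data; both are access controls on who may query the server or copy a zone from it.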