Danny Mayer mayer at gis.net
Thu Mar 28 05:33:51 UTC 2002


At 10:04 AM 3/27/02, Lanka, Anu wrote:

>A couple of questions.
>
>1. To implement secure DNS, if we use split-dns architecture, is it enough.

This is a little vague especially without a subject line.  Enough for what?
It depends on the environment that you want to run this in.

>2. Reading online I came across
>
>a. the data origin authentication
>b. transaction and request authentication and
>c. key distribution
>
>How are these setup? Any URL's which describe these?

Did you read the BIND 9 ARM?  Did you read Cricket Liu's book
"DNS and BIND"?

>What are the industry best practices? Are there any levels associated for
>compliance like c2 etc.,

Did you read Rob Thomas's document:
http://www.cymru.com/~robt/Docs/Articles/secure-bind-template.html



>Are there any pros and cons of setting up DNS on NT server vs Unix Server.

You need to weigh the security of each of the different operating systems
and how to secure the way the DNS Server is run in order to reduce the
vunerabilities of the system. You also need to figure out how to set up
legitimate access to the data and files served by the DNS Server for proper
maintenance.

>I'm hoping  some one in the group may know answers to my questions. Also if
>any one could point to a good website, I appreciate it.
>
>Thanks in advance for your help.
>
>Anu

         Danny



More information about the bind-users mailing list