How secure is rndc?
Marc Haber
mh+bind-users at zugschlus.de
Thu Dec 21 16:13:46 UTC 2006
On Thu, Dec 21, 2006 at 09:39:12AM -0600, Len Conrad wrote:
> >So people can see whether I just have reloaded or stopped my server. I
> >do not have a big problem with that.
>
> and they can reload or stop your DNS server, too (if they have the key)
If they have the rndc key, they can use rndc. If they have the ssh
key, they can ssh. Same thing. And of course true.
Additionally, in my understanding, I can limit a key to be only valid
when used from certain IP addresses.
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
More information about the bind-users
mailing list