How secure is rndc?

Marc Haber mh+bind-users at zugschlus.de
Thu Dec 21 16:13:46 UTC 2006


On Thu, Dec 21, 2006 at 09:39:12AM -0600, Len Conrad wrote:
> >So people can see whether I just have reloaded or stopped my server. I
> >do not have a big problem with that.
> 
> and they can reload or stop your DNS server, too (if they have the key)

If they have the rndc key, they can use rndc. If they have the ssh
key, they can ssh. Same thing. And of course true.

Additionally, in my understanding, I can limit a key to be only valid
when used from certain IP addresses.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835



More information about the bind-users mailing list