"stealth master" DNS Security

Ram Akuka ramakuka at gmail.com
Wed Mar 25 13:21:41 UTC 2009


Alan,
Is there's any way I can encrypt the zone transfer date (without using
any third-party encryption tool)?

Thanks,

--
Ram


2009/3/25 Alan Clegg <Alan_Clegg at isc.org>:
> Ram Akuka wrote:
>> but encrypting the file system won't do the work here.
>> i agree that storing the key and the encrypted data on the same
>> machine is useless in security terms. that why i'm looking for a build
>> in solution .
>> is there's any way the slave server can save the zone in format
>> diffent then clear text ?
>
> TSIG does not "encrypt" the on-the-wire AXFR/IXFR data, and all of your
> queries are being done "in the clear", so I think that you may be
> over-engineering this part of the operation.
>
> You may want to worry more about securing the box so that the attacker
> can't get on in the first place.
>
> AlanC
>
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>



More information about the bind-users mailing list