"stealth master" DNS Security
Mark Andrews
Mark_Andrews at isc.org
Wed Mar 25 14:44:39 UTC 2009
In message <f54650f40903250704l40f629d1ibac31da842c9c31 at mail.gmail.com>, Ram Ak
uka writes:
> 2009/3/25 Alan Clegg <Alan_Clegg at isc.org>:
> > Ram Akuka wrote:
> >
> >> Is there's any way I can encrypt the zone transfer date (without using
> >> any third-party encryption tool)?
> >
> > Why exactly do you want to do this?
> >
> > DNS data is NOT PROTECTED DATA.
> >
> > As long as queries and responses are permitted in the clear (which is
> > the way DNS works), you are only fooling yourself by doing all of this
> > "encryption".
> >
> > AlanC
>
> indeed this is not protected data , but i don't want to give to a
> potential intruder all the data of all my clients just by listening to
> my zone transfer data.
> but in the overall i agree the best way to do it is by securing my servers.
>
> thanks anyway ,
>
>
> Ram
Use IPSEC between the master and slave servers.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list