dnssec-keygen is waiting endless...

Casey Deccio casey at deccio.net
Fri May 28 18:49:00 UTC 2010

On Fri, May 28, 2010 at 11:25 AM, Michelle Konzack <
linux4michelle at tamay-dogan.net> wrote:

> Currently I need to secure my bind9 since I had a massive attack  on  my
> <dns1> which is the master. Also I have had more then 30 million queries
> in less then one week and bind9 has eaten arround 2.4 GByte of memory...
DNSSEC is for securing your namespace, not your server. With DNSSEC a
validating resolver can prove the authenticity of an answer it receives, but
that won't help with attacks targeting your name server.

If you're looking to secure your server, you'll need to take other security
measures with regards to server/firewall configuration.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100528/797d7ecf/attachment.html>

More information about the bind-users mailing list