NSEC3 salt lifetime (and some other DNSSEC params): sane value?
niobos at dest-unreach.be
Tue Sep 21 13:43:25 UTC 2010
On 2010-09-21 15:32, Kalman Feher wrote:
> On 21/09/10 8:43 AM, "Niobos" <niobos at dest-unreach.be> wrote:
> I personally find protection against zone enumeration to be a false sense of
> security. If it's public people will find it. Ask yourself what it is that
> you want publicly accessible yet you don't want others to be aware of.
I'll reply with a quote from the BIND & DNS book:
It’s the difference between letting random folks call your company’s
switchboard and ask for John Q. Cubicle’s phone number [versus] sending
them a copy of your corporate phone directory.
> On a large scale, manual
> intervention would make me very concerned with the likelihood of human based
I'm even concerned that this will be the problem on my private zone...
Thank you again for the very insightful info!