dns best practices
kcd at chrysler.com
Wed Jan 26 20:48:45 UTC 2011
The document is a little sloppy. In addition to the mis-description of
the DNS resolver algorithm, already noted in a previous post, the part
in Section 8.1.2 about restricting zone transfers -- "These restrictions
address [...] potential exploits from unrestricted dissemination of
information about internal resources" -- makes up a "dissemination"
threat out of thin air, which was not mentioned in the previous,
supposedly-exhaustive enumeration of zone-transfer-related threats in
Section 6.2 -- a) denial-of-service, and b) message tampering.
On 1/25/2011 12:22 PM, Casey Deccio wrote:
> On Sun, Jan 23, 2011 at 10:30 PM,<pyh at mail.nsbeta.info> wrote:
>> Is there a document for dns& bind best practices?
>> I googled but found nothing valueable.
> NIST SP 800-81 Rev. 1:
> bind-users mailing list
> bind-users at lists.isc.org
More information about the bind-users