DNSSEC validation for a local Bind

Tony Finch dot at dotat.at
Thu Apr 17 10:22:20 UTC 2014

Roberto Carna <robertocarna36 at gmail.com> wrote:

> Dear, I have a local Bind which resolves local hostnames from my
> company. It doesn't connect to any DNS from Internet at all.
> Is it useful to set up DNSSEC validation in order to avoid possible
> attacks (like cache poisoning or man in the middle) from my LAN ???

You will get benefits from internal DNSSEC if

(a) all your client machines run local validating resolvers

and more benefits if

(b) you use applications that benefit from DNSSEC authentication, e.g.
SSHFP records and VerifyHostKeyDNS, TLSA records and Postfix's DANE

f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Trafalgar: Mainly northerly 5 in east, otherwise variable 4. Slight or
moderate. Showers, fog patches. Moderate, occasionally very poor.
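
An added example, not part of the original post: one way to produce the SSHFP records mentioned in (b) for an internal signed zone, by hashing the host's public key blob as RFC 4255 and RFC 6594 define. The owner name host.example. and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct

# SSHFP algorithm numbers (RFC 4255, RFC 6594, RFC 7479).
SSHFP_ALGORITHMS = {
    "ssh-rsa": 1,
    "ssh-dss": 2,
    "ecdsa-sha2-nistp256": 3,
    "ecdsa-sha2-nistp384": 3,
    "ecdsa-sha2-nistp521": 3,
    "ssh-ed25519": 4,
}
# SSHFP fingerprint types: 1 = SHA-1, 2 = SHA-256.
SSHFP_HASHES = {1: hashlib.sha1, 2: hashlib.sha256}


def ssh_string(data: bytes) -> bytes:
    """Encode an SSH wire-format string: 4-byte big-endian length, then data."""
    return struct.pack(">I", len(data)) + data


def sshfp_records(owner: str, pubkey_line: str, fp_types=(2,)) -> list:
    """Build SSHFP zone-file lines from one line of an OpenSSH *.pub file."""
    fields = pubkey_line.split()
    if len(fields) < 2 or fields[0] not in SSHFP_ALGORITHMS:
        raise ValueError("unsupported or malformed public key line")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    # The blob begins with its own key type; reject a line whose label
    # disagrees with it, so a wrong algorithm number is never published.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("key type does not match key blob")
    alg = SSHFP_ALGORITHMS[key_type]
    # The fingerprint is the hash of the whole decoded key blob.
    return [f"{owner} IN SSHFP {alg} {t} {SSHFP_HASHES[t](blob).hexdigest()}"
            for t in fp_types]


# Constructed sample key: a well-formed Ed25519 blob with dummy key bytes.
SAMPLE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
SAMPLE_LINE = ("ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode()
               + " root@host.example")

if __name__ == "__main__":
    for record in sshfp_records("host.example.", SAMPLE_LINE, (1, 2)):
        print(record)
```
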

