DNSSEC validation for a local Bind

Roberto Carna robertocarna36 at gmail.com
Mon Apr 21 00:12:00 UTC 2014


Dear Tony, how can I know if my LAN client machines are running
validating resolvers ?

My client machines are Windows 7, Debian 7 and Red Hat.

Thanks a lot again,

Roberto

2014-04-17 7:22 GMT-03:00 Tony Finch <dot at dotat.at>:
> Roberto Carna <robertocarna36 at gmail.com> wrote:
>
>> Dear, I have a local Bind which resolves local hostnames from my
>> company. It doesn't connect to any DNS from Internet at all.
>>
>> Is it useful to set up DNSSC validation in order to avoid possible
>> attacks (like cache poisoning or man in the middle) from my LAN ???
>
> You will get benefits from internal DNSSEC if
>
> (a) all your client machines run local validating resolvers
>
> and more benefits if
>
> (b) you use applications that benefit from DNSSEC authentication, e.g.
> SSHFP records and VerifyHostKeyDNS, TLSA records and Postfix's DANE
> implementation.
>
> Tony.
> --
> f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
> Trafalgar: Mainly northerly 5 in east, otherwise variable 4. Slight or
> moderate. Showers, fog patches. Moderate, occasionally very poor.


More information about the bind-users mailing list