Necessity of DNSSEC Lookaside Validation(DLV)
Chandan Laskar
Chandan.Laskar at itc.in
Tue Apr 7 15:43:22 UTC 2009
Hi,
We have deployed DNS on RHEL 5 Update 1. Below are feature of our DNS.
1. Implemented OS Security Best Practice ( e.g. Enable MD5 and shadow
passwords, Root Login Console Restricted, Configure SSH as an alternative
of Telnet e.t.c.).
2. Configured Openssl Version 0.9.8j.
3. Configured BIND 9.6.0-P1 with CHROOT Environment. So BIND is not
running as root user.
4. IPTABLES has been configured to block all the irrelevant ports.
5. Allow Update Feature in named.conf is not changed. So, by default it is
'NO'
After all the above mentioned protection do we really need to incorporate
DNSSEC Lookaside Validation(DLV) in our DNS?
Suggestion Please.
Thanks and regards,
Chandan Laskar
2nd Floor Data Center, ITC Center,
4, Russel Street, Kolkata - 700 016
Phone:(033)-22889900 Extn.: 3944
(0)-9830057396 (M)
Can you avoid printing this?
Think of the environment before printing the email.
-------------------------------------------------------------------------------
Please visit us at www.itcportal.com
******************************************************************************
This Communication is for the exclusive use of the intended recipient (s) and shall
not attach any liability on the originator or ITC Ltd./its Subsidiaries/its Group
Companies. If you are the addressee, the contents of this email are intended for your
use only and it shall not be forwarded to any third party, without first obtaining
written authorisation from the originator or ITC Ltd./its Subsidiaries/its Group
Companies. It may contain information which is confidential and legally privileged
and the same shall not be used or dealt with by any third party in any manner
whatsoever without the specific consent of ITC Ltd./its Subsidiaries/its Group
Companies.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20090407/a4519784/attachment.html>
More information about the bind-users
mailing list