NSEC3 salt lifetime (and some other DNSSEC params): sane value?
Matus UHLAR - fantomas
uhlar at fantomas.sk
Wed Sep 22 09:29:26 UTC 2010
> >> I'll reply with a quote from the BIND & DNS book:
> >> It’s the difference between letting random folks call your company’s
> >> switchboard and ask for John Q. Cubicle’s phone number [versus] sending
> >> them a copy of your corporate phone directory.
> > That is a poor analogy.
imho it's perfect.
> On 2010-09-21 16:56, Phil Mayers wrote:
> > Do you have reverse DNS in .in-addr.arpa?
On 22.09.10 11:24, Niobos wrote:
> Yes
> > Have you timed how long an "nmap -sL yoursubnet/mask" takes? Because it
> > doesn't take very long for us, and we've got a lot of large subnets.
> A few seconds
and how long will it take for a /48 (2^80 = 1208925819614629174706176) in an IPv6
environment? :)
> > Attackers can gain a lot of info from this;
> Correct
at present, yes. with IPv6, they will rely much more on DNS or other public
information.
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Emacs is a complicated operating system without good text editor.