How secure is rndc?

Edward Lewis Ed.Lewis at neustar.biz
Thu Dec 21 14:56:12 UTC 2006


At 14:48 +0100 12/21/06, Marc Haber wrote:

>I am wondering whether it is a problem to run rndc over the Internet
>to a remote server. I am usually using ssh to "tunnel" the rndc
>request (ssh remotehost rndc foo) but I am wondering whether I'd lose
>much security if I'd use rndc -s remotehost foo instead.
>
>Opening tcp/953 for the appropriate hosts is possible.

"How much" security you will get depends on the key you use for the 
exchange.  I.e., a randomly generated key that is longer in bits is better 
than a key which looks like a human-language phrase in the Base64 
rendering.

Also, to be more secure, change the key more often and protect the 
keys from snooping in the filesystem.  Depending on your paranoia 
level, you may want unique keys for each server under management 
instead of a master key for all.

What I cannot say for sure is whether RNDC is fully encrypted or just 
"signed."  The ARM page on RNDC says that the key is used when 
communicating, it doesn't say how it is used.  (Looking at the 9.3.2. 
ARM.)

If rndc is not encrypting its traffic, running outside of an SSH 
tunnel means that others could see the commands.  But this doesn't 
mean they have a leg up in cracking the system open as the key is not 
exchanged.
-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                                +1-571-434-5468
NeuStar

Dessert - aka Service Pack 1 for lunch.
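A small check for the key-quality point above, added here and not part of the thread or of BIND: it parses a key clause in the rndc.conf / rndc.key syntax, reports the decoded secret's size in bits, and flags a secret that decodes to printable text (a phrase run through Base64 rather than random bytes). The sample key files are constructed, and the per-algorithm minimum sizes (the HMAC digest length) are an assumption, not a BIND requirement.

```python
import base64
import re
import secrets
import string

# Matches the key clause used by rndc.conf / rndc.key (algorithm may be quoted).
KEY_RE = re.compile(
    r'key\s+"(?P<name>[^"]+)"\s*\{\s*algorithm\s+"?(?P<alg>[\w-]+)"?\s*;'
    r'\s*secret\s+"(?P<secret>[^"]+)"\s*;\s*\}\s*;', re.S)

# Assumed minimum secret size per HMAC: the digest length (not a BIND rule).
MIN_BITS = {"hmac-md5": 128, "hmac-sha1": 160, "hmac-sha224": 224,
            "hmac-sha256": 256, "hmac-sha384": 384, "hmac-sha512": 512}


def make_key_file(name, algorithm, secret_bytes):
    """Render a key clause in the rndc.conf syntax from raw secret bytes."""
    secret = base64.b64encode(secret_bytes).decode()
    return f'key "{name}" {{\n    algorithm {algorithm};\n    secret "{secret}";\n}};\n'


def generate_secret(algorithm):
    """Random secret of the assumed minimum size for this algorithm."""
    return secrets.token_bytes(MIN_BITS[algorithm] // 8)


def assess_key(text):
    """Decode the secret and report its size plus any weaknesses found."""
    m = KEY_RE.search(text)
    if not m:
        raise ValueError("no key clause found")
    alg = m["alg"].lower()
    raw = base64.b64decode(m["secret"], validate=True)
    bits = len(raw) * 8
    # A secret whose bytes are all printable text was almost certainly a
    # typed phrase run through Base64, not random key material.
    phrase_like = all(chr(b) in string.printable for b in raw)
    problems = []
    if phrase_like:
        problems.append("secret decodes to printable text (looks like a phrase)")
    if bits < MIN_BITS.get(alg, 128):
        problems.append(f"{bits}-bit secret is below {MIN_BITS.get(alg, 128)} for {alg}")
    return {"name": m["name"], "algorithm": alg, "bits": bits, "problems": problems}


# Constructed samples: a Base64-encoded phrase versus random bytes.
WEAK = make_key_file("rndc-key", "hmac-md5", b"opensesame")
STRONG = make_key_file("ns1-key", "hmac-sha256", generate_secret("hmac-sha256"))

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("strong", STRONG)):
        print(label, assess_key(conf))
```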
