How secure is rndc?

Len Conrad LConrad at Go2France.com
Thu Dec 21 15:11:44 UTC 2006


>What I cannot say for sure is whether RNDC is fully encrypted or just
>"signed."

TSIG is signed packets, the packet contents being cleartext.

TSIG guarantees that

1. the packet sent is identical to the packet received.

2. the sender and recipient share the same key.

The intent is not to hide/encrypt the packet contents.

Len



>  The ARM page on RNDC says that the key is used when
>communicating, it doesn't say how it is used.  (Looking at the 9.3.2.
>ARM.)
>
>If rndc is not encrypting its traffic, running outside of an SSH
>tunnel means that others could see the commands.  But this doesn't
>mean they have a leg up in cracking the system open as the key is not
>exchanged.
>--
>-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>Edward Lewis                                                +1-571-434-5468
>NeuStar
>
>Dessert - aka Service Pack 1 for lunch.
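
What "signed, not encrypted" means in practice, as an added example that is not part of the original post and does not reproduce the rndc or TSIG wire format: a constructed frame carries a cleartext command plus an HMAC tag computed with the shared key. The function names, the JSON framing and the choice of HMAC-SHA256 are assumptions made for illustration.

```python
import hashlib
import hmac
import json


def sign(key: bytes, command: str) -> bytes:
    """Build a frame: cleartext JSON body, newline, hex HMAC-SHA256 tag."""
    body = json.dumps({"cmd": command}).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"\n" + tag


def verify(key: bytes, frame: bytes):
    """Return the command if the tag matches this key, otherwise None."""
    body, _, tag = frame.rpartition(b"\n")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    # Constant-time comparison; the body is parsed only after the tag checks out.
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(body)["cmd"]


def observe(frame: bytes) -> str:
    """What a passive observer on the path reads, with no key at all."""
    body, _, _ = frame.rpartition(b"\n")
    return json.loads(body)["cmd"]


if __name__ == "__main__":
    shared_key = b"constructed-sample-key"      # sample value, never sent
    frame = sign(shared_key, "reload")

    # Guarantee 1: the received packet is identical to the sent one.
    print("receiver accepts:", verify(shared_key, frame))
    altered = frame.replace(b"reload", b"stop")
    print("altered frame:   ", verify(shared_key, altered))

    # Guarantee 2: sender and recipient hold the same key.
    print("wrong key:       ", verify(b"some-other-key", frame))

    # Not a goal: confidentiality. The command is readable on the wire,
    # but the key itself does not appear in the frame.
    print("observer sees:   ", observe(frame))
    print("key on the wire: ", shared_key in frame)
```
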



