"stealth master" DNS Security

Ram Akuka ramakuka at gmail.com
Wed Mar 25 11:01:44 UTC 2009


Thanks Chris,
but encrypting the file system won't do the work here.
I agree that storing the key and the encrypted data on the same
machine is useless in security terms. That's why I'm looking for a
built-in solution.
Is there any way the slave server can save the zone in a format
different than clear text?

Thanks

--
Ram

On Wed, Mar 25, 2009 at 12:17 PM, Chris Dew <cmsdew at googlemail.com> wrote:
> You could use eCryptfs for the location of the zone data - it
> would require a passphrase when bind starts up on the slave - this
> could cause trouble if the slave crashes.
>
> In general there is NO way of having encrypted data on a machine AND
> having the keys on that same machine AND making it 100% secure.
>
> Regards,
>
> Chris
>
> http://www.finalcog.com
>
>
> 2009/3/25 Ram Akuka <ramakuka at gmail.com>
>>
>> Hi,
>> I want to design a DNS system for a secure authoritative server.
>> I’ll use one master server to store the zone data and use the zone
>> transfer mechanism for the 2 public slave servers (which will be defined
>> as masters on the internet). That way I’ll update and back up only
>> one server.
>> I am using TSIG for secure zone transfer, but I have a few questions.
>> Is there any way I can encrypt the zone files on the slave server,
>> so that no one can have access to the actual zone data besides the
>> master server?
>> (If, for example, someone hacks into the slave DNS, he won’t have the
>> zone data.)
>>
>> Thanks in advance,
>>
>>
>> --
>> Ram
>> _______________________________________________
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>


