"stealth master" DNS Security

Alan Clegg Alan_Clegg at isc.org
Wed Mar 25 12:49:44 UTC 2009


Ram Akuka wrote:
> But encrypting the file system won't do the work here.
> I agree that storing the key and the encrypted data on the same
> machine is useless in security terms. That's why I'm looking for a
> built-in solution.
> Is there any way the slave server can save the zone in a format
> different than clear text?

TSIG does not "encrypt" the on-the-wire AXFR/IXFR data, and all of your
queries are being done "in the clear", so I think that you may be
over-engineering this part of the operation.

You may want to worry more about securing the box so that the attacker
can't get on in the first place.

AlanC
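
The point in the reply above, as an added example that is not part of the original post or of BIND: a TSIG MAC authenticates a message but leaves every record readable. The key, key name, record and timestamp are constructed, hmac-sha256 is an assumed algorithm choice, and the digest covers a single message only, omitting the request-MAC prefix and multi-message rules that real transfer responses add.

```python
import hashlib
import hmac
import struct

def wire_name(name):
    """Encode a domain name in DNS wire format (lowercased, uncompressed)."""
    out = b""
    for label in name.lower().rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def txt_rr(owner, text, ttl=300):
    """Build one uncompressed TXT resource record (type 16, class IN)."""
    rdata = bytes([len(text)]) + text.encode("ascii")
    return wire_name(owner) + struct.pack("!HHIH", 16, 1, ttl, len(rdata)) + rdata

def dns_message(msg_id, answers):
    """Header (QR=1, AA=1) followed by answer records; question section omitted."""
    header = struct.pack("!HHHHHH", msg_id, 0x8400, 0, len(answers), 0, 0)
    return header + b"".join(answers)

def tsig_mac(secret, message, key_name, time_signed, fudge=300):
    """HMAC-SHA256 over the message plus the TSIG variables (RFC 8945, 4.3.3)."""
    variables = (
        wire_name(key_name)
        + struct.pack("!HI", 255, 0)          # CLASS=ANY, TTL=0
        + wire_name("hmac-sha256")            # algorithm name
        + struct.pack("!HI", time_signed >> 32, time_signed & 0xFFFFFFFF)  # 48-bit time
        + struct.pack("!HHH", fudge, 0, 0)    # fudge, error, other len
    )
    return hmac.new(secret, message + variables, hashlib.sha256).digest()

def verify(secret, message, key_name, time_signed, mac):
    """Recompute the MAC and compare in constant time."""
    return hmac.compare_digest(tsig_mac(secret, message, key_name, time_signed), mac)

# Constructed sample data: key, key name, zone record and timestamp are made up.
SECRET = b"constructed-shared-secret-not-a-real-key"
KEY_NAME = "xfer-key.example."
SIGNED_AT = 1237985384
MESSAGE = dns_message(0x1234, [txt_rr("internal.example.", "db-host=10.0.0.5")])
MAC = tsig_mac(SECRET, MESSAGE, KEY_NAME, SIGNED_AT)

if __name__ == "__main__":
    print("record readable in signed message:", b"db-host=10.0.0.5" in MESSAGE)
    tampered = MESSAGE.replace(b"10.0.0.5", b"10.0.0.9")
    print("original verifies:", verify(SECRET, MESSAGE, KEY_NAME, SIGNED_AT, MAC))
    print("tampered verifies:", verify(SECRET, tampered, KEY_NAME, SIGNED_AT, MAC))
```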
