dns best practices
Kevin Darcy
kcd at chrysler.com
Wed Jan 26 20:48:45 UTC 2011
The document is a little sloppy. In addition to the mis-description of
the DNS resolver algorithm, already noted in a previous post, the part
in Section 8.1.2 about restricting zone transfers -- "These restrictions
address [...] potential exploits from unrestricted dissemination of
information about internal resources" -- makes up a "dissemination"
threat out of thin air, which was not mentioned in the previous,
supposedly-exhaustive enumeration of zone-transfer-related threats in
Section 6.2 -- a) denial-of-service, and b) message tampering.
- Kevin
On 1/25/2011 12:22 PM, Casey Deccio wrote:
> On Sun, Jan 23, 2011 at 10:30 PM,<pyh at mail.nsbeta.info> wrote:
>> Is there a document for dns& bind best practices?
>> I googled but found nothing valueable.
>>
> NIST SP 800-81 Rev. 1:
>
> http://csrc.nist.gov/publications/nistpubs/800-81r1/sp-800-81r1.pdf
>
> Casey
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
>
>
More information about the bind-users
mailing list