DNSSEC validation for a local Bind
Tony Finch
dot at dotat.at
Thu Apr 17 10:22:20 UTC 2014
Roberto Carna <robertocarna36 at gmail.com> wrote:
> Dear, I have a local Bind which resolves local hostnames from my
> company. It doesn't connect to any DNS from Internet at all.
>
> Is it useful to set up DNSSC validation in order to avoid possible
> attacks (like cache poisoning or man in the middle) from my LAN ???
You will get benefits from internal DNSSEC if
(a) all your client machines run local validating resolvers
and more benefits if
(b) you use applications that benefit from DNSSEC authentication, e.g.
SSHFP records and VerifyHostKeyDNS, TLSA records and Postfix's DANE
implementation.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Trafalgar: Mainly northerly 5 in east, otherwise variable 4. Slight or
moderate. Showers, fog patches. Moderate, occasionally very poor.
More information about the bind-users
mailing list