Accessing internal zones over a VPN
Jim Reid
jim at rfc1035.com
Mon Mar 22 19:29:14 UTC 2004
>>>>> "Anthony" == Anthony Chavez <acc at anthonychavez.org> writes:
>> A quick glance over the ARM has given me the impression that
>> TSIG, TKEY, SIG(0) and DNSSEC will enable me to do this
>> securely. Is this correct?
Maybe. It'll depend on your definition of "securely".
>> And is there anything that I should know beforehand before
>> attempting to enable these features?
This stuff is very difficult, verging on the impossible for a naive
DNS administrator to deploy successfully. Be sure you know what you're
letting yourself in for if you go down this path.
>> I also get the impression that DNSSEC still remains in
>> development. Is this accurate?
Yes. There's no generally available code that implements the latest
IETF drafts. So you'd best not try to deploy this on production
systems today. I doubt any DNSSEC experts would even do that.
More information about the bind-users mailing list