On Mon, Dec 03, 2001 at 07:53:32AM -0600, McNutt, Justin M. wrote:
> > There's always DNS poisoning. It's nailed some high-profile places
> > (Yankees, Hillary, etc.).
>
> I haven't yet figured out how to defeat DNS poisoning in the design I've
> built, partly because I don't entirely understand how the poisoning is
> accomplished.
>
> > The real risk is reconnaissance, but recon is the name of the
> > open-environment game such as a University.
>
> Not for long. I am working on reducing the number of zones we host and the
> number of name servers that we "officially" talk to. Somewhere along the
> path, only hosts with NS records in the zones we host will be allowed to do
> zone transfers with us, and even then, probably not with noc.
>
> After that, I'll be setting up digital keys so I can essentially
> authenticate the hosts that *are* authorized to do the transfers.
>
Since we had the presentation on djbdns, which is supposed to be more
secure than BIND, I'll ask the naive question: why wouldn't that be
better?
--
Michael Procter
--
To unsubscribe, go to http://mlug.missouri.edu/members/edit.php
Archives are available at http://mlug.missouri.edu/list-archives/