[prev in list] [next in list] [prev in thread] [next in thread]
List: dns-operations
Subject: Re: [dns-operations] Stunning security discovery: AXFR may leak information
From: Fred Morris <m3047 () m3047 ! net>
Date: 2015-04-16 16:11:17
Message-ID: Pine.LNX.4.53.1504160908020.12117 () flame ! m3047 ! net
[Download RAW message or body]
Oh haven't search lists become so much fun...
On Wed, 15 Apr 2015, Mark Andrews wrote:
> When rsh was all in fashion [...]
I love that historical moment! :-)
> [...]
> Any zones you have in your search lists should be servers locally
> so that you can survive network partitions. These may or may not
> all be zones you "own". With DNSSEC this includes all the parent
> zones unless you want to have to install and manage trust anchors
> for all the local zones on all machines performing validation.
Good point, and subtle. Probably missed by a lot of people... the
implications, regardless of if they're going to do it or not.
--
Fred Morris
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic