[nsd-users] Unsecured zone transfers and open resolvers
Arnt Gulbrandsen
arnt at gulbrandsen.priv.no
Thu Jul 19 08:17:24 UTC 2012
On 07/18/2012 10:16 PM, Valentin Bud wrote:
> This led me to the conclusion that the sys admins don't pay enough
> attention or don't really know or understand DNS technology.
Here's a list of what you get when you restrain zone transfers:
- security through obscurity
- somewhat lighter load (on ram, cpu or network)
- a headache when some fool moves a server late on Friday
Add it up for yourself. Is the risk of running out of RAM bigger than
the risk of someone reorganizing services and getting the ACLs wrong? Is
security through obscurity something mildly desirable or something you
want to avoid?
Arnt
More information about the nsd-users
mailing list