[nsd-users] Unsecured zone transfers and open resolvers

Shane Kerr shane at isc.org
Thu Jul 19 12:28:59 UTC 2012


On Thursday, 2012-07-19 15:17:19 +0300, 
Dmitry Kohmanyuk <dk at hostmaster.ua> wrote:

> > - a headache when some fool moves a server late on Friday
> the latter is mitigated by using TSIG keys for all transfers (highly
> recommended) or perhaps IP network ACLs (so if DNS slave address
> changes "slightly" it would still work.)

I actually recommend using *only* TSIG if you want to secure your
AXFR. Why make your life harder than it needs to be? :)


More information about the nsd-users mailing list