[nsd-users] Unsecured zone transfers and open resolvers
Shane Kerr
shane at isc.org
Thu Jul 19 12:28:59 UTC 2012
Dmitry,
On Thursday, 2012-07-19 15:17:19 +0300,
Dmitry Kohmanyuk <dk at hostmaster.ua> wrote:
> > - a headache when some fool moves a server late on Friday
>
> the latter is mitigated by using TSIG keys for all transfers (highly
> recommended) or perhaps IP network ACLs (so if DNS slave address
> changes "slightly" it would still work.)
I actually recommend using *only* TSIG if you want to secure your
AXFR. Why make your life harder than it needs to be? :)
--
Shane
More information about the nsd-users
mailing list