You could use eCryptfs for the location of the zone data - it would require a passphrase when bind starts up on the slave - this could cause trouble if the slave crashes.
In general there is NO way of having encrypted data on a machine AND having the keys on that same machine AND making it 100% secure.

Regards,
Chris
http://www.finalcog.com

2009/3/25 Ram Akuka <ramak...@gmail.com>

> Hi,
> I want to design a DNS system for a secure authoritative server.
> I'll use one master server to store the zone data and use the zone
> transfer mechanism for the 2 public slave servers (which will be defined
> as masters on the internet). That way I'll update and back up only
> one server.
> I am using TSIG for secure zone transfer, but I have a few questions.
> Is there any way I can encrypt the zone files on the slave server,
> so that no one can have access to the actual zone data besides the
> master server?
> (If, for example, someone hacks into the slave DNS, he won't have the
> zone data.)
>
> Thanks in advance,
>
> --
> Ram
> _______________________________________________
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users