Thanks Chris, but encrypting the file system won't do the work here. I agree that storing the key and the encrypted data on the same machine is useless in security terms. That's why I'm looking for a built-in solution. Is there any way the slave server can save the zone in a format different than clear text?

Thanks

--
Ram

On Wed, Mar 25, 2009 at 12:17 PM, Chris Dew <cms...@googlemail.com> wrote:
> You could use eCryptfs for the location of the zone data - it
> would require a passphrase when bind starts up on the slave - this
> could cause trouble if the slave crashes.
>
> In general there is NO way of having encrypted data on a machine AND
> having the keys on that same machine AND making it 100% secure.
>
> Regards,
>
> Chris
>
> http://www.finalcog.com
>
>
> 2009/3/25 Ram Akuka <ramak...@gmail.com>
>>
>> Hi,
>> I want to design a DNS system for a secure authoritative server.
>> I’ll use one master server to store the data zone and use the zone
>> transfer mechanism for the 2 public slave servers (which will be defined
>> as masters on the internet). That way I’ll update and back up only one
>> server.
>> I am using TSIG for secure zone transfer but I have a few questions.
>> Is there any way I can encrypt the zone files on the slave server,
>> so that no one can have access to the actual zone data besides the
>> master server?
>> (If, for example, someone hacks into the slave DNS, he won’t have the
>> zone data.)
>>
>> Thanks in advance,
>>
>>
>> --
>> Ram
>> _______________________________________________
>> bind-users mailing list
>> bind-users@lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users