You can build a tunnel between the servers using OpenVPN to secure zone transfers. May also need policy-based routing depending on what else you do. If you are doing zone transfers across a network you control and have concerns about exposing data on it such as DNS zone transfers, you may want to start at the network.

Frank Pikelner

On 25-Mar-09, at 9:22 AM, "Ram Akuka" <ramak...@gmail.com> wrote:

Alan,
Is there any way I can encrypt the zone transfer data (without using
any third-party encryption tool)?

Thanks,

--
Ram


2009/3/25 Alan Clegg <alan_cl...@isc.org>:
Ram Akuka wrote:
But encrypting the file system won't do the work here.
I agree that storing the key and the encrypted data on the same
machine is useless in security terms. That's why I'm looking for a
built-in solution.
Is there any way the slave server can save the zone in a format
different than clear text?

TSIG does not "encrypt" the on-the-wire AXFR/IXFR data, and all of your
queries are being done "in the clear", so I think that you may be
over-engineering this part of the operation.

You may want to worry more about securing the box so that the attacker
can't get on in the first place.

AlanC


_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
