The document is a little sloppy. In addition to the mis-description of the DNS resolver algorithm, already noted in a previous post, the part in Section 8.1.2 about restricting zone transfers -- "These restrictions address [...] potential exploits from unrestricted dissemination of information about internal resources" -- makes up a "dissemination" threat out of thin air, which was not mentioned in the previous, supposedly-exhaustive enumeration of zone-transfer-related threats in Section 6.2 -- a) denial-of-service, and b) message tampering.

- Kevin
On 1/25/2011 12:22 PM, Casey Deccio wrote:
On Sun, Jan 23, 2011 at 10:30 PM, <p...@mail.nsbeta.info> wrote:
Is there a document for dns & bind best practices?
I googled but found nothing valuable.

NIST SP 800-81 Rev. 1:

http://csrc.nist.gov/publications/nistpubs/800-81r1/sp-800-81r1.pdf

Casey
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users




