Actually I've heard the work on some sort of authenticated or secure DNS system is doing well. Don't know where you could grab more info on it though.. That would provide the more secure environment for doing DNS updates.
----- Original Message ----- From: "Robert Varga" <[EMAIL PROTECTED]> To: "Chris Wagner" <[EMAIL PROTECTED]> Cc: "t s a d i" <[EMAIL PROTECTED]>; <debian-isp@lists.debian.org> Sent: Wednesday, March 08, 2000 11:46 AM Subject: Re: InterNIC Name Server is a slave server > > > On Tue, 7 Mar 2000, Chris Wagner wrote: > > > At 02:20 AM 3/7/00 -0800, t s a d i wrote: > > >is, is it OK if the DNS server registered on InterNic as authoricative > > >is not a master but just a slave w/c depends on its data from an > > >external/different DNS server ? > > > > As long as the servers listed by InterNIC give out correct DNS info, it > > shouldn't matter. You might have some strange behaviour if something wants > > an authoritative answer but I doubt it. > > > > You have some mistaken opinion about DNS authority. A slave DNS server is > an authoritative DNS server. Only cached DNS data is not an authoritative > source of information. > > IMHO best security for DNS services is to get their data from an > unpublished third DNS server, and publish two slave servers for the > registrar. > > This way neither of the DNS servers can be bombarded with false update > requests forged to come from the master since the master should be unknown > for outsiders. This way the slave DNS data cannot be poisoned. > > Robert Varga > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] >
