Re: Cache only and reverse mapping

2011-12-16 Thread J
sasa sasa wrote:
> I'm trying to set up a DNS for an ISP, this ISP's DNS is in the delegation tree (answering world), and I know about cache vulnerabilities so I was wondering what is the best solution for ISPs? By separating cache from authorities, you mean implementing 2 DNSs (2 different IPs)?

Re: Cache only and reverse mapping

2011-12-16 Thread John Wobus
On Dec 16, 2011, at 11:22 AM, sasa sasa wrote: I'm trying to set up a DNS for an ISP, this ISP's DNS is in the delegation tree (answering world), and I know about cache vulnerabilities so I was wondering what is the best solution for ISPs? By separating cache from authorities, you mean implementing

Re: Cache only and reverse mapping

2011-12-16 Thread sasa sasa
I'm trying to set up a DNS for an ISP, this ISP's DNS is in the delegation tree (answering world), and I know about cache vulnerabilities so I was wondering what is the best solution for ISPs? By separating cache from authorities, you mean implementing 2 DNSs (2 different IPs)? This doesn't sound pra

Re: CNAME only zone?

2011-12-16 Thread John Wobus
If CloudFlare is similar to Akamai's solution, recursive servers never see the CNAME record. Instead, when the auth server receives the query for the A record of the apex, it performs its own query for the CNAME, and returns the result of this. In other words, if your theory is correct, this

Re: Cache only and reverse mapping

2011-12-16 Thread John Wobus
On Dec 15, 2011, at 3:07 AM, sasa sasa wrote: For an ISP, is there any risk in configuring BIND DNS as cache only and adding customers' reverse mapping zones? If this copy of the reverse zone is for the world's use (i.e. in the delegation tree), then your DNS server would be answering querie

segfaults with bind RPZ?

2011-12-16 Thread Phil Mayers
All, I had a use-case for bind RPZ today, so enabled it on our internal testing DNS servers (running 9.8.1-P1). I had already created and deployed the "rpz" zone, as a sub-zone of our (DNSSEC-signed) main zone. As soon as the cfengine job ran, which basically added: response-policy { zon