Re: "stealth master" DNS Security

2009-03-27 Thread Kevin Darcy
John Wobus wrote: On Mar 25, 2009, at 5:20 AM, Ram Akuka wrote: Is there any way I can encrypt the zone files in the slave server, that way no one can have access to the actual zone data beside the master server. (if for example someone will hack to the slave DNS he won't have the zones data)

Re: "stealth master" DNS Security

2009-03-27 Thread John Wobus
On Mar 25, 2009, at 5:20 AM, Ram Akuka wrote: Is there any way I can encrypt the zone files in the slave server, that way no one can have access to the actual zone data beside the master server. (if for example someone will hack to the slave DNS he won't have the zones data). No.

Re: "stealth master" DNS Security

2009-03-25 Thread Frank Pikelner
You can build a tunnel between the servers using openvpn to secure zone transfers. May also need policy based routing depending on what else you do. If you are doing zone transfers across a network you control and have concerns about exposing data on it such as DNS zone transfers, you may wa

Re: "stealth master" DNS Security

2009-03-25 Thread Mark Andrews
In message , Ram Akuka writes: > 2009/3/25 Alan Clegg : > > Ram Akuka wrote: > > > >> Is there any way I can encrypt the zone transfer data (without using > >> any third-party encryption tool)? > > > > Why exactly do you want to do this? > > > > DNS data is NOT PROTECTED DATA. > > > > As long a

Re: "stealth master" DNS Security

2009-03-25 Thread Chris Dew
IPSEC really isn't too onerous between machines with static IP addresses, just a thought. 2009/3/25 Ram Akuka : > 2009/3/25 Alan Clegg : >> Ram Akuka wrote: >> >>> Is there any way I can encrypt the zone transfer data (without using >>> any third-party encryption tool)? >> >> Why exactly do y

Re: "stealth master" DNS Security

2009-03-25 Thread Ram Akuka
2009/3/25 Alan Clegg : > Ram Akuka wrote: > >> Is there any way I can encrypt the zone transfer data (without using >> any third-party encryption tool)? > > Why exactly do you want to do this? > > DNS data is NOT PROTECTED DATA. > > As long as queries and responses are permitted in the clear (whi

Re: "stealth master" DNS Security

2009-03-25 Thread Alan Clegg
Ram Akuka wrote: > Is there any way I can encrypt the zone transfer data (without using > any third-party encryption tool)? Why exactly do you want to do this? DNS data is NOT PROTECTED DATA. As long as queries and responses are permitted in the clear (which is the way DNS works), you are onl

Re: "stealth master" DNS Security

2009-03-25 Thread Ram Akuka
Alan, Is there any way I can encrypt the zone transfer data (without using any third-party encryption tool)? Thanks, -- Ram 2009/3/25 Alan Clegg : > Ram Akuka wrote: >> but encrypting the file system won't do the work here. >> I agree that storing the key and the encrypted data on the same >>

Re: "stealth master" DNS Security

2009-03-25 Thread Alan Clegg
Ram Akuka wrote: > but encrypting the file system won't do the work here. > I agree that storing the key and the encrypted data on the same > machine is useless in security terms. That's why I'm looking for a built-in > solution. > Is there any way the slave server can save the zone in a format > di

Re: "stealth master" DNS Security

2009-03-25 Thread Chris Dew
So you want to store data on the slaves which will not be accessible to an attacker who has root privileges on the same slave? This looks difficult. One possibility is to replace bind's operations on the slave's zone file (the loading and saving of data) with a hack to bind which stores the data

Re: "stealth master" DNS Security

2009-03-25 Thread Ram Akuka
Thanks Chris, but encrypting the file system won't do the work here. I agree that storing the key and the encrypted data on the same machine is useless in security terms. That's why I'm looking for a built-in solution. Is there any way the slave server can save the zone in a format different than clear

Re: "stealth master" DNS Security

2009-03-25 Thread Chris Dew
You could use eCryptfs for the location of the zone data - it would require a passphrase when bind starts up on the slave - this could cause trouble if the slave crashes. In general there is NO way of having encrypted data on a machine AND having the keys on that same machine AND making it 10

"stealth master" DNS Security

2009-03-25 Thread Ram Akuka
Hi, I want to design a DNS system for a secure authoritative server. I'll use one master server to store the zone data and use the zone transfer mechanism for the 2 public slave servers (which will be defined as masters on the internet). That way I'll update and back up only one server. I'm using TSIG for secure z