[dns-operations] Best Practices in DNS security
jim at rfc1035.com
Sat Mar 18 00:21:26 UTC 2006
On Mar 17, 2006, at 18:35, Geo. wrote:
> I've been trying to find a good solution for this for us but this
> "lock down your recursive servers" thing is just a nightmare for most
> smaller ISPs.
Why? A certain level of clue is required to run an ISP: buy and sell
bandwidth, configure routers, manange address space, bill customers,
etc, etc. Configuring name servers is one of those core skills. Or
should be. If an ISP cannot master the fundamentals needed to run its
business, market forces and Darwinism will take their course. One of
the hopes I have for this list is documenting and recommending best
practices so DNS clue levels increase and name server setups improve.
Telling people to lock down their recursive servers -- and why they
should do that -- is a step down that road.
What you seem to be saying is equivalent to "operation of a car's
controls is a nightmare for drivers".
More information about the dns-operations