[dns-operations] Best Practices in DNS security

Jim Reid jim at rfc1035.com
Sat Mar 18 00:21:26 UTC 2006

On Mar 17, 2006, at 18:35, Geo. wrote:

> I've been trying to find a good solution for this for us but this  
> whole
> "lock down your recursive servers" thing is just a nightmare for most
> smaller ISPs.

Why? A certain level of clue is required to run an ISP: buy and sell  
bandwidth, configure routers, manange address space, bill customers,  
etc, etc. Configuring name servers is one of those core skills. Or  
should be. If an ISP cannot master the fundamentals needed to run its  
business, market forces and Darwinism will take their course. One of  
the hopes I have for this list is documenting and recommending best  
practices so DNS clue levels increase and name server setups improve.  
Telling people to lock down their recursive servers -- and why they  
should do that -- is a step down that road.

What you seem to be saying is equivalent to "operation of a car's  
controls is a nightmare for  drivers".

More information about the dns-operations mailing list