[dns-operations] Best Practices in DNS security
Roland Dobbins
rdobbins at cisco.com
Sun Mar 19 22:18:55 UTC 2006
On Mar 19, 2006, at 10:03 AM, Geo. wrote:
> Previously I wasn't aware of a way to test for BCP38 compliance but
> I think
> using DNS servers for the test I have come up with a valid way to
> confirm at
> least a partial test (emailed to you separately) and I think it
> should be
> far easier to base a blacklist strategy on that then on each
> individual dns
> server on the planet.
As explained previously, this method (which isn't novel) isn't
helpful in this context, because the problem is -outbound- spoofing
from the perspective of the networks in question, not inbound.
----------------------------------------------------------------------
Roland Dobbins <rdobbins at cisco.com> // 408.527.6376 voice
Everything has been said. But nobody listens.
-- Roger Shattuck
More information about the dns-operations
mailing list