[dns-operations] Best Practices in DNS security

Roland Dobbins rdobbins at cisco.com
Sun Mar 19 22:18:55 UTC 2006

On Mar 19, 2006, at 10:03 AM, Geo. wrote:

> Previously I wasn't aware of a way to test for BCP38 compliance but  
> I think
> using DNS servers for the test I have come up with a valid way to  
> confirm at
> least a partial test (emailed to you separately) and I think it  
> should be
> far easier to base a blacklist strategy on that then on each  
> individual dns
> server on the planet.

As explained previously, this method (which isn't novel) isn't  
helpful in this context, because the problem is -outbound- spoofing  
from the perspective of the networks in question, not inbound.

Roland Dobbins <rdobbins at cisco.com> // 408.527.6376 voice

      Everything has been said.  But nobody listens.

                    -- Roger Shattuck

More information about the dns-operations mailing list