[dns-operations] anybody here from GDNS?
sfaber at cert.org
Wed Jul 16 02:34:38 UTC 2008
Perhaps not so much an example as an auditing guide, but consider DISA's
particularly section 3.4.2, "Query Restrictions for Caching Servers."
The document's written from an auditing standpoint, but it's got great
background information / justification for each audit item geared to the
average sysadmin. Section 4 goes into BIND implementation details, and
section 5 is on Windows.
And if you're really audit-oriented, there's the associated DNS
checklist available at
Sean Donelan wrote:
> On Tue, 15 Jul 2008, Paul Vixie wrote:
>> anyone doing both authority and recursive in the same nameserver images
>> should be using views. or multiple nameserver images, each having its
>> listener IP. note that in the case of views, the nameserver really does
>> ask itself questions and answer them. in the case of multiple images,
>> really do discover each other by iterating downward from the root zone.
> In the past, my suggestion has been to use different servers if you
> can. But for those who don't, are there complete examples of
> setting up a single server for both non-recursive authoritative, and
> recursive non-authoritative views for the same clients? I've pointed
> people to the isc.org tech papers and team cymru secure configuration;
> but they seem to assume you are using views because you have a
> The simplest case would be a server authoritative for EXAMPLE.COM,
> and providing recursive service to the server (i.e. localhost).
> dns-operations mailing list
> dns-operations at lists.oarci.net
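
A sketch of the simplest case raised in the quoted text (one BIND 9 instance authoritative for example.com and recursive only for the host itself), added here as an example; it is not taken from the thread, the DISA document, or the ISC and Team Cymru material. The view names, working directory and zone file name are assumptions.

```conf
// Added example: one named instance, two views. Names and paths are assumed.
options {
    directory "/var/named";          // assumed working directory
    // No global recursion policy: each view states its own.
};

// View 1: recursive, non-authoritative. Views are matched in order.
view "recursive-local" {
    // Built-in "localhost" ACL: every address configured on this host.
    match-clients { localhost; };

    // Only queries with the RD bit set match this view. The server's own
    // iterative queries (RD clear) fall through to the next view, so the
    // resolver asks the authoritative view for example.com instead of
    // re-entering this one.
    match-recursive-only yes;

    recursion yes;
    allow-recursion { localhost; };

    // No hint zone declared: named uses its compiled-in root hints.
    // No example.com zone here: the answer is found by iterating down
    // from the root, ending at the authoritative view below.
};

// View 2: authoritative, non-recursive. Everything that did not match
// above lands here, including RD-clear queries from this host.
view "authoritative" {
    match-clients { any; };
    recursion no;

    zone "example.com" {
        type master;
        file "example.com.zone";     // assumed zone file name
        allow-transfer { none; };    // list secondaries here if any exist
    };
};
```

Run `named-checkconf` against the file before loading it. The recursive view only reaches the authoritative one if the public delegation for example.com points at an address this instance listens on.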