[dns-operations] Best Practices
Jared Mauch
jared at puck.nether.net
Fri Jun 14 15:13:24 UTC 2013
On Jun 14, 2013, at 11:07 AM, Chip Marshall <chip at 2bithacker.net> wrote:
> There was some talk at a recent meeting about establishing some
> best practices for operating a DNS server. I'm curious if anyone
> is running with this, and if not, if this would be a good forum
> to start working on such a project.
>
> I know there are some IETF documents around best practices for
> things like DNSSEC, but to the best of my knowledge there's not a
> good repository for things like RRL, making sure your recursive
> resolver isn't open, ensuring source port randomization (I know I
> still see a lot of source 53 queries) and so on.

I know I certainly would be interested in a few things, e.g.:
a) Secure configuration guidelines (RRL you can't make part of that, because it requires too much tuning IMHO).
b) configuration templates to align with guidelines (e.g.: remove query-source=53 etc) for the various DNS servers and systems.
c) configuration parser/warning system (e.g.: remove X, Add Y)
d) I have dns-map.org and have been meaning to do something interesting with it.
I'm interested in linking to such documents and helping shape them as part of the OpenResolverProject.
- Jared
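
Item (c) above, sketched as an added example (not code from the poster or the OpenResolverProject): a minimal linter for BIND `named.conf` text that warns on a fixed `query-source` port and on recursion allowed for `any`. The sample configuration, rule names and function names are constructed for illustration; nested ACL blocks and `include` files are not followed.

```python
import re

# Constructed sample named.conf fragment (not taken from the thread).
SAMPLE_CONF = """
options {
    directory "/var/named";
    // legacy firewall workaround
    query-source address * port 53;
    recursion yes;
    allow-recursion { any; };
};
"""

def strip_comments(text):
    """Drop /* */, // and # comments so disabled lines cannot trigger warnings."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def lint_named_conf(text):
    """Return (rule, advice) tuples in 'remove X / add Y' form."""
    conf = strip_comments(text)
    findings = []
    # A numeric port on query-source pins the resolver's source port;
    # "port *" or no port clause leaves randomization in place.
    for stmt in re.finditer(r"\bquery-source(?:-v6)?\b([^;]*);", conf):
        port = re.search(r"\bport\s+(\d+)", stmt.group(1))
        if port:
            findings.append(("fixed-source-port",
                             f"remove 'port {port.group(1)}' from query-source"))
    # Recursion offered to 'any' makes the server an open resolver,
    # unless recursion is switched off altogether.
    recursion_off = re.search(r"\brecursion\s+no\s*;", conf)
    acl = re.search(r"\ballow-recursion\s*\{([^}]*)\}", conf)
    if acl and not recursion_off and re.search(r"\bany\b|0\.0\.0\.0/0", acl.group(1)):
        findings.append(("open-recursion",
                         "replace 'any' in allow-recursion with your client networks"))
    return findings

if __name__ == "__main__":
    for rule, advice in lint_named_conf(SAMPLE_CONF):
        print(f"WARNING [{rule}]: {advice}")
```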