[dns-operations] Best Practices

Jared Mauch jared at puck.nether.net
Fri Jun 14 15:13:24 UTC 2013


On Jun 14, 2013, at 11:07 AM, Chip Marshall <chip at 2bithacker.net> wrote:

> There was some talk at a recent meeting about establishing some
> best practices for operating a DNS server. I'm curious if anyone
> is running with this, and if not, if this would be a good forum
> to start working on such a project.
> 
> I know there are some IETF documents around best practices for
> things like DNSSEC, but to the best of my knowledge there's not a
> good repository for things like RRL, making sure your recursive
> resolver isn't open, ensuring source port randomization (I know I
> still see a lot of source 53 queries) and so on.

I know I certainly would be interested in a few things, e.g.:

a) Secure configuration guidelines (RRL you can't make part of that, because it requires too much tuning IMHO).

b) Configuration templates to align with guidelines (e.g.: remove query-source=53 etc.) for the various DNS servers and systems.

c) Configuration parser/warning system (e.g.: remove X, add Y)

d) I have dns-map.org and have been meaning to do something interesting with it.

I'm interested in linking to such documents and helping shape them as part of the OpenResolverProject.

- Jared
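
A sketch of the "remove X, add Y" warning system from item (c), limited to two issues named in this thread (fixed source port 53 and open recursion). This is an added example, not code from the poster or the OpenResolverProject; it assumes BIND `named.conf` syntax, the function names are hypothetical, and the sample configuration is constructed.

```python
import re

# Constructed sample named.conf fragment (not taken from the thread).
SAMPLE_CONF = """
options {
    directory "/var/named";
    // legacy firewall workaround
    query-source address * port 53;
    recursion yes;
};
"""

def strip_comments(text):
    """Drop /* */, // and # comments (simplification: ignores quoted strings)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def lint_named_conf(text):
    """Return (action, message) warnings in 'remove X / add Y' form."""
    conf = strip_comments(text)
    findings = []
    # A pinned query-source port defeats source port randomization.
    pinned = r"\bquery-source(?:-v6)?\b[^;]*\bport\s+(\d+|\*)"
    for m in re.finditer(pinned, conf):
        if m.group(1) != "*":
            findings.append(("remove", "fixed source port: " + m.group(0).strip()))
    # Recursion is treated as enabled unless 'recursion no;' is present.
    if not re.search(r"\brecursion\s+no\s*;", conf):
        acl = re.search(r"\ballow-recursion\s*\{([^}]*)\}", conf)
        if acl is None:
            # Conservative: require an explicit ACL instead of relying on defaults.
            findings.append(("add", "allow-recursion { <trusted networks>; };"))
        elif re.search(r"\bany\b", acl.group(1)):
            findings.append(("remove", "'any' in allow-recursion (open resolver)"))
    return findings

if __name__ == "__main__":
    for action, message in lint_named_conf(SAMPLE_CONF):
        print(f"{action.upper():6} {message}")
```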

