[dns-operations] Best Practices
Gabriel Iovino
giovino at ren-isac.net
Fri Jun 14 17:41:10 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 6/14/2013 11:07 AM, Chip Marshall wrote:
> I know there are some IETF documents around best practices for
> things like DNSSEC, but to the best of my knowledge there's not a
> good repository for things like RRL, making sure your recursive
> resolver isn't open, ensuring source port randomization (I know I
> still see a lot of source 53 queries) and so on.
I have been using this document a lot when working with .edu's on open
resolvers.
Domain Name System (DNS) Security Reference Architecture
http://www.dhs.gov/sites/default/files/publications/dns_reference_architecture_0.pdf
Not sure how close that is to what you are envisioning.
Gabe
- --
Gabriel Iovino
Principal Security Engineer, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
iEYEARECAAYFAlG7VbUACgkQwqygxIz+pTuKWACdEPL+8PCt8OVVdddUHcfg0pXS
tfsAoL+Mfzn/aXB/WvG/0KY84eb/3HbG
=1AKD
-----END PGP SIGNATURE-----
More information about the dns-operations
mailing list