[dns-operations] A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Doug Barton dougb at dougbarton.email
Mon Feb 25 16:32:56 UTC 2019

On 2019-02-23 10:17 PM, Bill Woodcock wrote:
> We’re switching to split-horizon DNS, such that nothing else which requires authentication will be resolvable without first being on the VPN.

If you're going to go through that level of trouble, why not instead do 
it right, and put the sensitive hosts in their own zone, which is only 
visible on the internal resolvers?

"If split DNS is your answer, you're asking the wrong question."

