[dns-operations] A Deep Dive on the Recent Widespread DNS Hijacking Attacks
dougb at dougbarton.email
Mon Feb 25 16:32:56 UTC 2019
On 2019-02-23 10:17 PM, Bill Woodcock wrote>
> We’re switching to split-horizon DNS, such that nothing else which requires authentication will be resolvable without first being on the VPN.
If you're going to go through that level of trouble, why not instead do
it right, and put the sensitive hosts in their own zone, which is only
visible on the internal resolvers?
"If split DNS is your answer, you're asking the wrong question."
More information about the dns-operations