[dns-operations] Checklist for DNS server implementations

[Fred Morris]

Self explanatory? Like an OWASP top ten?

Background:

I'm implementing a service to query $some_data via the DNS as a
convenience. I've done this before, several times, and usually to break
the DNS in some fashion or other, but this time I'm actually trying to
faithfully present data. Plus, it's nominally exposed to at least part
of the big bad internet, which I've always avoided in the past.

So for starters, this service won't be directly exposed. I intend to use
the DNS for caching / proxying, in other words the actual DNS server
which will be exposed to the internet will be e.g. BIND, Knot, Unbound
(and it will forward to the service for that zone). I'm viewing that as
similar to a WAF. It's read only, it has no ability to write data. It
will serve TXT records. [0]

What's BCP? Thanks in advance...

--

Fred Morris

--

[0] I'm going back and forth on requiring TXT in the query or just
returning it regardless.