DNS Security (was: RE: [SunRescue] hosts file And DNS files??)

R. Lonstein rescue at sunhelp.org
Mon May 28 14:37:34 CDT 2001


On Sun, May 27, 2001 at 09:42:09PM -0400, Loomis, Rip wrote:
> <Continuing to beat dead horse>
    [snip]
>     The bad news is that (unlike even the Microsoft
>     DNS servers) you can't then extract the data
>     in a compliant format by zone transfers--that
>     was one of the DNS standards that djb deemed
>     optional.  At least that's my read on it...
> 
> </DEADHORSE...okay, or not if people actually
>   consider it of interest...I'm too close to the
    [snip]

Oh, heck, one more swing...

Zone transfers using djbdns are handled by axfrdns, which will
happily live on the same port as the authoritative nameserver,
tinydns, as it answers TCP and tinydns only answers UDP. In practice,
there are no problems with using djbdns except that no one seems to
know enough about it and everyone knows a little bit about BIND.
See http://cr.yp.to/djbdns/axfrdns.html

- Ross
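
An added illustration, not part of the original message and not djbdns code: UDP and TCP port numbers are separate namespaces, which is why a UDP-only responder and a TCP-only zone-transfer daemon can share one port. The listeners here are stand-ins bound to a kernel-chosen loopback port, and the zone name `example.test` is constructed.

```python
import socket
import struct

SOA, AXFR = 6, 252  # DNS QTYPE values (RFC 1035)

def build_query(name, qtype, qid=0x1234):
    """Encode a one-question DNS query in wire format."""
    header = struct.pack("!6H", qid, 0, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)  # QCLASS 1 = IN

def qtype_of(msg):
    """Return the QTYPE of the first question in a DNS message."""
    i = 12                      # skip the fixed 12-byte header
    while msg[i]:               # walk the length-prefixed labels
        i += 1 + msg[i]
    return struct.unpack("!H", msg[i + 1:i + 3])[0]

def recv_exact(sock, n):
    """Read exactly n bytes from a stream socket."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed early")
        buf += chunk
    return buf

def demo(zone="example.test"):  # constructed zone name
    """Bind UDP and TCP listeners to one port number and query each."""
    udp_srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp_srv.bind(("127.0.0.1", 0))          # kernel picks a free port
    port = udp_srv.getsockname()[1]
    tcp_srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tcp_srv.bind(("127.0.0.1", port))       # same number, different protocol
    tcp_srv.listen(1)
    # UDP path: one datagram is one DNS message.
    cli = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    cli.sendto(build_query(zone, SOA), ("127.0.0.1", port))
    udp_seen = qtype_of(udp_srv.recvfrom(512)[0])
    # TCP path: each message is preceded by a 2-byte length field.
    q = build_query(zone, AXFR)
    tcli = socket.create_connection(("127.0.0.1", port))
    tcli.sendall(struct.pack("!H", len(q)) + q)
    conn, _ = tcp_srv.accept()
    (length,) = struct.unpack("!H", recv_exact(conn, 2))
    tcp_seen = qtype_of(recv_exact(conn, length))
    for s in (cli, tcli, conn, udp_srv, tcp_srv):
        s.close()
    return {"udp": udp_seen, "tcp": tcp_seen}
```

Because the transfer path is a separate TCP listener, access to it can be filtered or monitored independently of ordinary UDP queries.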



