Plain DNS has plenty of security problems, but what are the best practices for maximizing your DNS security. Specifically I'm wondering about how outsourced DNS, which leaves you open to social engineering attacks, compares to in-house management.
Even with the latter, it is common for small organizations to run a private authoritative server and have the public servers outsourced. Though I'm betting in that scenario an attacker would have a harder time merely making a modification to a zone. Rather than simply modifying records from a web UI, he'd have to set up a server to do the zone transfer and convince the provider to pull from his server. Thoughts? -Tom -- Tom Metro Venture Logic, Newton, MA, USA "Enterprise solutions through open source." Professional Profile: http://tmetro.venturelogic.com/ _______________________________________________ bblisa mailing list [email protected] http://www.bblisa.org/mailman/listinfo/bblisa
