On Fri, Apr 2, 2010 at 2:06 PM, Tom Metro <[email protected]> wrote:
> Plain DNS has plenty of security problems, but what are the best
> practices for maximizing your DNS security. Specifically I'm wondering
> about how outsourced DNS, which leaves you open to social engineering
> attacks, compares to in-house management.

You could become an accredited domain registrar:

http://www.icann.org/en/registrars/accreditation.htm

Barring that, you are going to be subject to social engineering whoever you use. It seems like you need to find one who charges enough money to make it profitable for them to institute real security mechanisms. This could have reasonable ease of use. Perhaps one who requires you to submit SSL client certificates when you register your domains with them. All further changes would be done via the web with that certificate. If someone else gets a copy, they ARE you (and you have no recourse).

Or for the ultimate in security, make it like PGP key signing. You have to show up in person with two photo IDs in order to make any changes to your domain. Maybe an RSA SecurID card for two-factor identification. Perhaps a little expensive, but how much is control over your domain worth?

The thing is, you are not going to get this for $10-20 dollars a year for a handful of domains. You might get it for a few hundred dollars in up-front account setup costs and then a reasonable $20 a year per domain added to that. That's assuming that enough people care about this to make economies of scale work.

Bill Bogstad
_______________________________________________
bblisa mailing list
[email protected]
http://www.bblisa.org/mailman/listinfo/bblisa
