On Jun 14, 2013, at 11:07 AM, Chip Marshall <[email protected]> wrote:
> There was some talk at a recent meeting about establishing some > best practices for operating a DNS server. I'm curious if anyone > is running with this, and if not, if this would be a good forum > to start working on such a project. > > I know there are some IETF documents around best practices for > things like DNSSEC, but to the best of my knowledge there's not a > good repository for things like RRL, making sure your recursive > resolver isn't open, ensuring source port randomization (I know I > still see a lot of source 53 queries) and so on. I know I certainly would be interested in a few things, e.g.: a) Secure configuration guidelines (RRL you can't make part of that, because it requires too much tuning IMHO). b) configuration templates to align with guidelines (e.g.: remove query-source=53 etc) for the various DNS servers and systems. c) configuration parser/warning system (e.g.: remove X, Add Y) d) I have dns-map.org and have been meaning to do something interesting with it. I'm interested in linking to such documents and helping shape them as part of the OpenResolverProject. - Jared _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
