Jared Mauch wrote: > On Jun 14, 2013, at 11:07 AM, Chip Marshall <[email protected]> wrote: > >> There was some talk at a recent meeting about establishing some >> best practices for operating a DNS server. I'm curious if anyone >> is running with this, and if not, if this would be a good forum >> to start working on such a project. >> >> I know there are some IETF documents around best practices for >> things like DNSSEC, but to the best of my knowledge there's not a >> good repository for things like RRL, making sure your recursive >> resolver isn't open, ensuring source port randomization (I know I >> still see a lot of source 53 queries) and so on. > > I know I certainly would be interested in a few things, e.g.: > > a) Secure configuration guidelines (RRL you can't make part of that, because > it requires too much tuning IMHO).
rrl's defaults work fine on every authority server i've tried. what's your experience, with config snippets and test results?
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
