-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 6/14/2013 11:07 AM, Chip Marshall wrote: > I know there are some IETF documents around best practices for > things like DNSSEC, but to the best of my knowledge there's not a > good repository for things like RRL, making sure your recursive > resolver isn't open, ensuring source port randomization (I know I > still see a lot of source 53 queries) and so on.
I have been using this document a lot when working with .edu's on open resolvers. Domain Name System (DNS) Security Reference Architecture http://www.dhs.gov/sites/default/files/publications/dns_reference_architecture_0.pdf Not sure how close that is to what you are envisioning. Gabe - -- Gabriel Iovino Principal Security Engineer, REN-ISAC http://www.ren-isac.net 24x7 Watch Desk +1(317)278-6630 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) iEYEARECAAYFAlG7VbUACgkQwqygxIz+pTuKWACdEPL+8PCt8OVVdddUHcfg0pXS tfsAoL+Mfzn/aXB/WvG/0KY84eb/3HbG =1AKD -----END PGP SIGNATURE----- _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
