Chip,
On 6/14/13 11:07 AM, "Chip Marshall" <[email protected]> wrote: >There was some talk at a recent meeting about establishing some >best practices for operating a DNS server. I'm curious if anyone >is running with this, and if not, if this would be a good forum >to start working on such a project. I'm not aware of any such document, but agree it would be useful. >I know there are some IETF documents around best practices for >things like DNSSEC, Yes, the IETF docs I've seen are focused on operational practices related to DNS as it interacts with technologies such as IPv6 and DNSSEC: http://tools.ietf.org/html/rfc4472 Operational Considerations and Issues with IPv6 DNS http://tools.ietf.org/html/rfc6781 DNSSEC Operational Practices, Version 2 http://tools.ietf.org/html/draft-howard-isp-ip6rdns-06 Reverse DNS in IPv6 >but to the best of my knowledge there's not a >good repository for things like RRL, making sure your recursive >resolver isn't open, ensuring source port randomization (I know I >still see a lot of source 53 queries) and so on. Interestingly, there are efforts underway within a number of the network operator groups to help document best current operational practices. My colleague Jan Zorz has been traveling around speaking with a good number of *NOGs on this particular issue (and is in Zambia at AfriNOG right now) and we've started trying to document the BCOP activity happening in various groups here: http://www.internetsociety.org/deploy360/about/bcop/ Working with one of those groups might be a way to move a document forward. Or creating a repository of DNS-related BCOPs might be a great role that DNS-OARC could play. Regards, Dan -- Dan York Senior Content Strategist, Internet Society [email protected] <mailto:[email protected]> +1-802-735-1624 Jabber: [email protected] <mailto:[email protected]> Skype: danyork http://twitter.com/danyork http://www.internetsociety.org/deploy360/ _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
