On 07/06/2019 21:03, Daniel Migault wrote:
> Hi,
>
> The front end naming architecture uses a primary and a secondary DNS
> server to synchronize a zone. The expected exchanges are (SOA, NOTIFY,
> IXFR, AXFR). We would like to get feedback from the working group on
> what is the most appropriate way to secure this channel.
>
> Options we have considered are TSIG, IPsec, TLS, DTLS. TSIG does not
> provide confidentiality, and we would rather go for user space
> security. Are there any recommendations for using TLS or DTLS in that
> case?

Please don't invent something new. DNS over TLS should be fine for
channel security, with TSIG embedded inside that if additional
authorisation is required.
Ray