secure DNS hosting?
Amos Shapira
amos.shapira at gmail.com
Thu Jan 28 06:06:02 IST 2010
2010/1/28 Ori Berger <linux-il at orib.net>:
> I have no specific knowledge of UltraDNS, and if Amazon uses them, I'm sure
> they're very good at what they are doing.
>
> However, please be aware that DNS based attacks are often not directed at
> infrastructure under the attacked entity's control (e.g. poisoning
> resolvers, netbios replies, initiatiating domain transfers through a
> less-than-competent registrar, etc). And while you should do what you can to
> secure your DNS infrastructure, you should be using other means as well -
> e.g. server certificates; client certificates; RSA tokens, etc.
>
You are right about DNS vulnerabilities.
What are you refering to by "server certificates, client certificates,
RSA tokens etc"? Are you talking about DNS-SEC or just general web
server security practices?
I'm at the "reading the brochure" stage and google'ing a bit about
them but one of the points I think I got through is that they have
their own servers and cooperation with major ISP's in many places
around the world in order to reduce the exposure to external DNS
vulnerabilities.
Cheers,
--Amos
More information about the Linux-il
mailing list