[homenet] securing zone transfer

2019-06-07 Thread Daniel Migault
Hi, The front end naming architecture uses a primary and a secondary DNS server to synchronize a zone. The expected exchanges are (SOA, NOTIFY, IXFR, AXFR). We would like to get feedback from the working group on what is the most appropriate way to secure this channel. Options we have consider

[homenet] primary / secondary configuration

2019-06-07 Thread Daniel Migault
Hi, We are looking for a simple way to configure the primary / secondary DNS setting between the homenet and the outsourcing infrastructure. The exchange of this information is done over a secure channel - let's say TLS. While we could re-define a configuration template / mechanism we believe that

Re: [homenet] securing zone transfer

2019-06-07 Thread Michael Richardson
Daniel Migault wrote: > Options we have considered are TSIG, IPsec, TLS, DTLS. TSIG does not > provide confidentiality, and we would rather go for user space security. > Are there any recommendations for using TLS or DTLS in that case ? And TSIG requires the Distribution Master to hav

Re: [homenet] primary / secondary configuration

2019-06-07 Thread Michael Richardson
Daniel Migault wrote: > the zone with the outsourcing infrastructure. To build the zone some > elements of the infrastructure are needed such as the NS and IP for > example. One way to enable the transmission of information from the > outsourcing infrastructure to the homenet

Re: [homenet] securing zone transfer

2019-06-07 Thread Ray Bellis
On 07/06/2019 21:03, Daniel Migault wrote: Hi, The front end naming architecture uses a primary and a secondary DNS server to synchronize a zone. The expected exchanges are (SOA, NOTIFY, IXFR, AXFR). We would like to get feedback from the working group on what is the most appropriate way

Re: [homenet] securing zone transfer

2019-06-07 Thread Michael Richardson
Ray Bellis wrote: >> Options we have considered are TSIG, IPsec, TLS, DTLS. TSIG does not >> provide confidentiality, and we would rather go for user space security. >> Are there any recommendations for using TLS or DTLS in that case ? > Please don't invent something new. DNS ov

Re: [homenet] securing zone transfer

2019-06-07 Thread Ted Lemon
On Jun 7, 2019, at 11:36 PM, Michael Richardson wrote: > Can we use TLS for authorization, assuming that we have trusted certificates > at both ends? Perhaps this is more of a: did anyone implement this? How is trust established? Sure, doing TSIG over TLS is no problem.