Re: Search domains in our environment (Proposal)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 12/19/07, Mike McGrath <mmcgrath@xxxxxxxxxx> wrote:
>
> I forgot to mention one other concern.  A MitM attack or DNS poisoning.
> This possibility does exist, but exists in our environment as is
> anyway.  This is something we should look at mitigating but other than
> running a DNS server at every site, I'm not totally sure how to fix it.
> I consider all of our donations as partnerships.  After all, they have
> local access to the box.  At the same time though it is something we
> should count as a risk and mitigate as much as possible.

I believe that DNSSEC is supposed to be the solution to the MitM/DNS
poisoning problem.  It's been a while since I messed with it, but with
DNSSEC your DNS entries get signed with a public key and then properly
configured systems will check the signatures on all lookups involving
fedora*.org.  Having this as a part of the standard setup in Fedora's
BIND package would be awesomely cool because then every Fedora machine
would be protected against someone spoofing their DNS and possibly
causing problems.

I've been meaning to set this up for my personal domain so I could
work on the details over the holiday break...

Jeff

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list

[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux