Free Republic
Browse · Search 		General/Chat
Topics · Post Article

To: OneWingedShark

If MS DNS is implemented properly, it’s as secure as BIND. Most admins deploy MS DNS with secure updates turned off and zone transfers enabled from all sources, which is just a nightmare for administration and security overall.


8 posted on 07/02/2013 8:10:06 AM PDT by rarestia (It's time to water the Tree of Liberty.)
[ Post Reply | Private Reply | To 1 | View Replies ]

To: rarestia
If MS DNS is implemented properly, it’s as secure as BIND. Most admins deploy MS DNS with secure updates turned off and zone transfers enabled from all sources, which is just a nightmare for administration and security overall.

But the point here is that BIND isn't secure either. Ironsides, on the other hand, is provably free of exceptions (the paper here) and both single-packet denial of service and remote code executions (this paper). That's a huge distinction.

9 posted on 07/02/2013 8:18:39 AM PDT by OneWingedShark (Q: Why am I here? A: To do Justly, to love mercy, and to walk humbly with my God.)
[ Post Reply | Private Reply | To 8 | View Replies ]
To: rarestia
If MS DNS is implemented properly, it’s as secure as BIND. Most admins deploy MS DNS with secure updates turned off and zone transfers enabled from all sources, which is just a nightmare for administration and security overall.

This. Lazy admins take the shotgun approach. Not smart.

13 posted on 07/02/2013 9:48:33 AM PDT by Noumenon (What would Michael Collins do?)
[ Post Reply | Private Reply | To 8 | View Replies ]

Free Republic
Browse · Search 		General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson