cacert-sysadm AT lists.cacert.org
Subject: CAcert System Admins discussion list
List archive
- From: Philipp Guehring <philipp AT cacert.org>
- To: teus AT theunis.org
- Cc: CAcert System Administrators <cacert-sysadm AT lists.cacert.org>, Greg Stark <gstark AT electrorent.com>
- Subject: Re: [Cacert-sysadm] [Fwd: Re: DNS Security Issue]
- Date: Sun, 08 Mar 2009 23:29:52 +0100
- Authentication-results: lists.cacert.org; dkim=neutral header.i= AT cacert.org; dkim-asp=none
- List-archive: <http://lists.cacert.org/pipermail/cacert-sysadm>
- List-id: CAcert System Admins discussion list <cacert-sysadm.lists.cacert.org>
Hi,
>> There is certainly no lack of expertise here with operating a DNS service.
>> As for security reasons: I don't know why CAcert is not running its own
>> DNS service. There may be historical reasons which I don't know about.
>> If we are to run our own DNS, I would consider this to be part of the
>> critical services, together with web, database and signing.
>> It would not immediately require a separate physical or logical server,
>> but could be handled by the current web/db server.
I don't think that it's a good idea to add unnecessary services on our
critical servers, since they impose additional security risks.
If we really want to operate our own DNS service, we should do that on
servers that do not cause additional security risks for our core
infrastructure.
Best regards,
Philipp Gühring
- [Cacert-sysadm] [Fwd: Re: DNS Security Issue], Teus Hagen, 03/03/2009
- Re: [Cacert-sysadm] [Fwd: Re: DNS Security Issue], Evaldo Gardenali, 03/04/2009
- Re: [Cacert-sysadm] [Fwd: Re: DNS Security Issue], Wytze van der Raay, 03/06/2009
- Re: [Cacert-sysadm] [Fwd: Re: DNS Security Issue], Ian G (Audit), 03/06/2009
- Re: [Cacert-sysadm] [Fwd: Re: DNS Security Issue], Philipp Guehring, 03/08/2009
- Re: [Cacert-sysadm] [Fwd: Re: DNS Security Issue], Philipp Guehring, 03/08/2009
- Re: [Cacert-sysadm] [Fwd: Re: DNS Security Issue], Wytze van der Raay, 03/09/2009
- Re: [Cacert-sysadm] [Fwd: Re: DNS Security Issue], Ian G (Audit), 03/09/2009
Archive powered by MHonArc 2.6.16.