Skip to Content.
Sympa Menu

cacert-sysadm - Re: [Cacert-sysadm] [Fwd: Re: DNS Security Issue]

cacert-sysadm AT lists.cacert.org

Subject: CAcert System Admins discussion list

List archive

Re: [Cacert-sysadm] [Fwd: Re: DNS Security Issue]


Chronological Thread 
  • From: Philipp Guehring <philipp AT cacert.org>
  • To: teus AT theunis.org
  • Cc: CAcert System Administrators <cacert-sysadm AT lists.cacert.org>, Greg Stark <gstark AT electrorent.com>
  • Subject: Re: [Cacert-sysadm] [Fwd: Re: DNS Security Issue]
  • Date: Sun, 08 Mar 2009 23:29:52 +0100
  • Authentication-results: lists.cacert.org; dkim=neutral header.i= AT cacert.org; dkim-asp=none
  • List-archive: <http://lists.cacert.org/pipermail/cacert-sysadm>
  • List-id: CAcert System Admins discussion list <cacert-sysadm.lists.cacert.org>

Hi,

>> There is certainly no lack of expertise here with operating a DNS service.
>> As for security reasons: I don't know why CAcert is not running its own
>> DNS service. There may be historical reasons which I don't know about.
>> If we are to run our own DNS, I would consider this to be part of the
>> critical services, together with web, database and signing.
>> It would not immediately require a separate physical or logical server,
>> but could be handled by the current web/db server. 
I don't think that it's a good idea to add unnecessary services on our
critical servers, since they impose additional security risks.
If we really want to operate our own DNS service, we should do that on
servers that do not cause additional security risks for our core
infrastructure.

Best regards,
Philipp Gühring




Archive powered by MHonArc 2.6.16.

Top of Page