[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re:

To: "Art Shelest" <artshel@microsoft.com>
Subject: Re:
From: Rob Austein <sra+namedroppers@hactrn.net>
Date: Sun, 02 Jun 2002 13:39:43 +0200
Cc: namedroppers@ops.ietf.org
In-reply-to: <8BD7226E07DDFF49AF5EF4030ACE0B7E04569FD0@red-msg-06.redmond.corp.microsoft.com>
References: <8BD7226E07DDFF49AF5EF4030ACE0B7E04569FD0@red-msg-06.redmond.corp.microsoft.com>
User-agent: Wanderlust/2.8.1 (Something) SEMI/1.14.3 (Ushinoya) FLIM/1.14.3(Unebigoryòmae) APEL/10.3 Emacs/20.7 (i386--freebsd) MULE/4.0 (HANANOEN)

At Sat, 1 Jun 2002 18:05:43 -0700, Art Shelest wrote:
> 
> Secure name resolution question: is there an existing mechanism that
> permits configuring DNS server to only resolve name X for authorized
> clients?
> 
> For example, I would like to have www.example.com only be resolvable by
> members of a specific group, and make it "invisible" to others.

This was an explict non-goal for DNSSEC (RFC 2535 et seq).  DNSSEC
explicitly does not attempt to provide confidentiality.

You could probably hack together something based on TSIG (RFC 2845).
It wouldn't scale, and I wouldn't advise it, but it's your life....

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

References:
- [no subject]
  - From: "Art Shelest" <artshel@microsoft.com>

Prev by Date: Re: Mail-Transmitter RR
Next by Date: Re: Mail-Transmitter RR
Previous by thread: [no subject]
Next by thread: Re:
Index(es):
- Date
- Thread