[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

``Secure name resolution'' [Re: ]

To: namedroppers@ops.ietf.org
Subject: ``Secure name resolution'' [Re: ]
From: Peter Koch <pk@TechFak.Uni-Bielefeld.DE>
Date: Mon, 03 Jun 2002 20:21:09 +0200
In-reply-to: Your message of "Mon, 03 Jun 2002 13:58:34 EDT." <3CFBAE4A.AD23CD1F@daimlerchrysler.com>


Hi,

> > For example, I would like to have www.example.com only be resolvable by
> > members of a specific group, and make it "invisible" to others.

[...]
> You could define those "special" names as zones by themselves, and then
> define separate "view"s for the "permitted" versus the
> "forbidden" clients. This would require BIND 9, which supports "view".

while all these implementation specific solutions (hacks, YMMV) exist, they
are applicable in limited scenarios only. There is no interoperable way
to communicate scopes or views between primary and secondary nameservers,
since the amount of metadata exchanged in a zone transfer is limited to
what the SOA RR can carry.

-Peter

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

References:
- Re:
  - From: Kevin Darcy <kcd@daimlerchrysler.com>

Prev by Date: Re:
Next by Date: Re: Access controls on DNS queries (was RE: [no subject])
Previous by thread: Re:
Next by thread: I-D ACTION:draft-ietf-dnsext-rfc2536bis-dsa-02.txt
Index(es):
- Date
- Thread