Ben (Moderator), 5th November 2012, 16:41

Do you mean the DNS server shall hash its zone names, e.g. with SHA-1, so that anybody reading the DB directly won't know which zone it is?!

If so, I don't think this can work, as a hash function cannot be reverted, thus a reverse lookup should not be possible.

Besides this, I personally do not see a real benefit from a security perspective, as except with Google / Shodan etc. you won't just dump all zones of a DNS server unless you allow zone transfers for anybody. For users having local access, you can either prevent them from looking at those files, or you do it the classical way of securing things by segregation of duties and set up a dedicated DNS server...