secure (g)libc gethostbyname
From: project2501 (project2501_at_project2501.cor)
Date: 08/02/04
- Next message: Some_Other_Nerd: "Internet/LAN simulation"
- Previous message: Raqueeb Hassan: "Re: problem connecting kernel linux with earthlink DSL"
- Next in thread: Bill Unruh: "Re: secure (g)libc gethostbyname"
- Reply: Bill Unruh: "Re: secure (g)libc gethostbyname"
- Reply: PC: "Re: secure (g)libc gethostbyname"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Mon, 02 Aug 2004 15:58:50 +0100
i wonder what the state of secure dns resolution at the client side is
within the (g)libc libraries.
i know that dnssec allows secure (authenticated) zone transfers.
i also know that dnssec allows a chain of trust to be established using
PKI ... but i'mnot sure if this chain ends at your ISP/nearest dns server.
does the client side (libc) allow this chain of trust ot extend to it so
that the communication between the dns requestor and the nearest dns
server is authenticated, validated and possibly encrypted.
that is - at install time, the administraor adds the secret which
identifies the nearest dns server (when writing /etc/resolv.conf). this
way, no dns answers are accepted from other hosts and also spoofing is
prevented too. encyrption of teh actual payload is optional.
is there support for this or is it planned?
t
- Next message: Some_Other_Nerd: "Internet/LAN simulation"
- Previous message: Raqueeb Hassan: "Re: problem connecting kernel linux with earthlink DSL"
- Next in thread: Bill Unruh: "Re: secure (g)libc gethostbyname"
- Reply: Bill Unruh: "Re: secure (g)libc gethostbyname"
- Reply: PC: "Re: secure (g)libc gethostbyname"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
