Connected: An Internet Encyclopedia
5. Security Considerations

Up: Connected: An Internet Encyclopedia
Up: Requests For Comments
Up: RFC 2137
Prev: 4.2 Update Data Signatures
Next: References

5. Security Considerations

5. Security Considerations

Any zone permitting dynamic updates is inherently less secure than a static secure zone maintained off line as recommended in RFC 2065. If nothing else, secure dynamic update requires on line change to and re-signing of the zone SOA resource record (RR) to increase the SOA serial number. This means that compromise of the primary server host could lead to arbitrary serial number changes.

Isolation of dynamic RRs to separate zones from those holding most static RRs can limit the damage that could occur from breach of a dynamic zone's security.


Next: References

Connected: An Internet Encyclopedia
5. Security Considerations