Telstra ADSL

Matthew Hawkins matt at mh.dropbear.id.au
Tue Aug 6 21:27:15 EST 2002


Drake Diedrich (dld at coyote.com.au) wrote:
> > I hope that doesn't get sent over the net in clear, or even in encrypted
> > form - very insecure.
> 
>    It is very insecure, but the purpose of DNS is widespread publication and
> convenience, not security.

I'm fairly certain that the authentication token to update the remote
DNS server is encrypted with an MD5 or SHA1 hash when transmitting over
the wire.  Check out the options in the configuration of (for example)
BIND v9.

DNS should be THE most secure service on your network.  When DNS is
broken, pretty much everything else breaks.  When the public A records
for your company's web servers are mysteriously altered to
209.242.124.241 (or whatever), you'll care.

-- 
Matt
"So, logically, if she weighs the same as a duck, she's made of wood, and therefore a witch!"
(Monty Python and the Holy Grail)
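
Added illustration, not part of the original post and not BIND's code: a simplified Python sketch of keyed-hash (HMAC) authentication for a dynamic DNS update, the kind of mechanism BIND 9's signed updates use. The field layout, key name, secret, update text and 300-second skew window are assumptions made for the example. Only a MAC computed over the update is transmitted, never the shared secret.

```python
import hashlib
import hmac
import struct

FUDGE = 300  # permitted clock skew in seconds (assumed value)

def _mac(key, key_name, message, signed_at):
    # The MAC covers the update, the key name and the signing time, so none
    # of them can be changed in transit without invalidating it.
    covered = message + key_name.encode() + struct.pack("!QH", signed_at, FUDGE)
    return hmac.new(key, covered, hashlib.sha1).digest()

def sign_update(key, key_name, message, now):
    """Client side: build what goes on the wire. The key is not part of it."""
    return {"message": message, "key_name": key_name, "signed_at": now,
            "mac": _mac(key, key_name, message, now)}

def verify_update(keyring, packet, now):
    """Server side: return 'ok' or the reason the update is refused."""
    key = keyring.get(packet["key_name"])
    if key is None:
        return "unknown key"
    expected = _mac(key, packet["key_name"], packet["message"],
                    packet["signed_at"])
    if not hmac.compare_digest(expected, packet["mac"]):  # constant-time
        return "bad mac"
    if abs(now - packet["signed_at"]) > FUDGE:
        return "stale"
    return "ok"

# Constructed sample data (hypothetical key name, secret and update).
SECRET = b"constructed-shared-secret"
KEYRING = {"ddns-key.example.": SECRET}
UPDATE = b"update add www.example.com. 300 A 192.0.2.10"

def demo():
    pkt = sign_update(SECRET, "ddns-key.example.", UPDATE, now=1_000_000)
    tampered = dict(pkt, message=UPDATE.replace(b"192.0.2.10", b"192.0.2.99"))
    forged = sign_update(b"guessed-secret", "ddns-key.example.", UPDATE, 1_000_000)
    return {
        "secret_on_wire": any(SECRET in v for v in pkt.values()
                              if isinstance(v, bytes)),
        "genuine": verify_update(KEYRING, pkt, now=1_000_060),
        "tampered": verify_update(KEYRING, tampered, now=1_000_060),
        "replayed_late": verify_update(KEYRING, pkt, now=1_003_600),
        "forged": verify_update(KEYRING, forged, now=1_000_060),
    }

if __name__ == "__main__":
    print(demo())
```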



