In the immortal words of Michael.Dillon@radianz.com (Michael.Dillon@radianz.com):
> I suggest that an appropriate technique would be for the BIND server to originate traffic on its local subnet that would look suspicious and possibly trigger intrusion alarms.

Good lord. I'm a little stuck for a proper analogy for this. A car that "helpfully" starts emitting noxious smoke to let you know that it's time for a tune-up? A refrigerator that drips bleach into your vegetable drawers to remind you to replace the coolant? An answering machine that replaces the outgoing message with a stream of profanities to alert callers that the incoming message tape is full?

If people are so concerned about BIND's security that they're willing to seriously consider implementing ideas like this, why are they not willing to either consider replacing BIND with DNS software that is secure by design (*cough* *cough*), or paying the ISC to produce a properly secured BIND?

The solution to the Ford Pinto problem was not to recommend that people duct-tape sofa cushions and homemade warning lights to the back bumper.

-n

------------------------------------------------------------<memory@blank.org>
"Thus do `Snuff Movies' take their place with `Political-Correctness,' `Sex Addiction,' and `Postmodernism' as Godzillas of bogus moral panic, always threatening to crush the nation in their jaws, but never quite willing to take the final step of biting down. (--www.suck.com)
<http://blank.org/memory/>----------------------------------------------------