Monday, September 3, 2012

DNS Security

   DNS is a very valuable resource for online communications.  Without it, we would be dealing strictly with IP addresses.  We would have to operate using host tables to link IPs to URLs.  That is how it was done in the early days of the internet.  Predictably, that system soon became unmanageable as the number of internet sites grew.

   In future postings, I'll cover some of the measures DNS administrators take to secure their DNS servers.  Some of the topics I plan to cover will be:

1.  Methods to secure the server
2.  Securing DNSSEC transactions
3.  DNS Security Extensions (DNSSEC) to secure DNS queries/responses

   I should mention that my discussion will focus mainly on authoritative DNS servers.  These are servers that answer queries from "the outside world" (relative to your domain) looking for sites or services that your domain hosts.

   At the possible expense of stealing my own thunder, I'll give credit to a couple of references that are of enormous help to me:

"The National Institute of Standards and Technology (NIST) Secure Domain Name System (DNS) Deployment Guide"

         csrc.nist.gov/publications/nistpubs/800-81r1/sp-800-81r1.pdf

DNS and BIND, 5th Edition by Cricket Liu and Paul Albitz



