What are the available methods to Secure a DNS Server?
What solutions to secure DNS operation do you know?
How do you think DNS is important for the Internet operation?
What happen if DNS of your company/network, your provider or root DNS failures?
Comment from cafall
Time February 28, 2010 at 8:45 pm
Don’t make it accessible to any more hosts that are necessary. If this is for use on the Internet, this is a somewhat moot point. If this is for use on a LAN, don’t make the server visible to the internet. There are lots of tricks you can use to hide it from internetworks, or even subnets on the intranet(s). If this is meant to provide/receive updates/transfers from/to other servers, be sure to authenticate peers as well as possible.
The current US President’s administration seems to think the root DNS servers it controls are worth hoarding even from the other countries whose internet we all share. Many of the attacks on the Internet at large were aimed at the root DNS servers. Fortunately, the distributed and cross-platform nature of the current configuration prevented any of these attacks from being any more than temporary annoyances.
In my experience, DNS failure is usually met with anything from “The Internet is borken zomg!” to “Damn, I wish I’d kept more in my hosts file.” It depends on the skill level of your customers, but more often than not it will result in a temporary cessation of operations.