Defending your DNS: best practices for reliable DNS and DHCP

Well-publicized attacks against Domain Name System (DNS) root servers and top-level domains highlight the vulnerability of the DNS
infrastructure. Many CIOs are looking for ways to ensure secure, reliable network services.

We've identified design principles and best practices for resilient, reliable Dynamic Host Configuration Protocol (DHCP) and DNS
services. DNS is the protocol and global network of servers that translate host names into Internet Protocol addresses. Before
taking action, prioritize the risks to your network and identify the potential threats you may face.


[ Read more ]
http://www.computerworld.com/securitytopics/security/story/0,10801,82018,00.html
--
Regard: Joh@nnes
"If U know neither the enemy nor yourself,U will succumb in every battle"
Johannes
6/14/2003 2:53:00 PM
grc.security

Similar Articles:

DNS/DHCP best practice
When we first got our servers up and running here we were Netware only. Over the years we've added a Windows server and several Linux servers (none SuSE unfortunately). At this point we occasionally get some DNS issues (slow lookups, servers not talking to each other, etc). And now (from a previous thread about 5 below this one) NAMED isn't working quite right. So I'm trying to figure out if it's time to scrap our existing DNS and start over or if it's fixable and just needs some major tweaking to get everyone happy. So first off: 1. Which is the easier utility to us...

DNS? What DNS?
This has never happened before and in light of this morning's news about the DDOS I was wondering if it is just my machine or if something else is going on. Background: A firewall on one of my machines blocked IE from getting to the net. I wanted to trace where it was planning to go to (207.188.24.150) to figure out if this was just XP again or something else. I tried Neo Trace and PC Helps "Net Tracer" but neither can track it. All I get is "undetermined" or "timed out" Robin In article <3DB714A2.7050902@twcny.rr.com>, omeru...

DNS UP
Hi We are running 2 BM (3.8) Proxies and until today they have been operating reasonably well. Today we have started getting a lot of 504 errors on workstations using either both servers, looking at the proxy DNS page (on both servers) the DNS links are continually going up and down (like our internet) We have 3 DNS servers entered 2 external and 1 internal. I have tested from outside the BM Servers and know the 2 external DNS servers are working fine (also no one else who use our provider have an issue). The internal DNS also seems fine. We have not made any changes to th...

What are scaling "best practices" for Novell DNS/DHCP?
Does anyone have any guidelines for "best practices" on a Novell DNS/DHCP implementation? We are a large school district rapidly implementing DDNS, and I would like to know if we are within recommended parameters for scalability. We are currently using one DNS server with a passive failover DNS box to service a projected 250 zones. What I'm most curious about is one particular zone that looks like it might grow to around 10,000 records. Can anyone offer any insight into an implementation of this size? James, It appears that in the past few days you have...

Best practice to integrate active directory into novell dns dhcp?
At the moment we have got the following config: 1. NetWare 6.5 DNS, DHCP, DNS Zone abc.de 2. XP PCs with Novell DNS 192.168.1.1 and member of abc.de ad domain 3. Active directory with the domain name abc.de and no DNS or DHCP What's the best way to use active directory and edirectory with dhcp dns? I think we need a Windows DNS and DHCP to get the optimal windows domain integration. Are there other ways (better)? Thanks... Let MS handle DNS. You can have NetWare act as a Secondary server for your zones if you want. As for DHCP, there's no real advantage to one or the...

DHCP Questions ... Primary DNS Suffix and Bug in DHCP/DNS Utility
I have been reconfiguring our Novell 5.1 SP4 DHCP/DNS server to pass NDS Server, Tree, and Context information through DHCP. I would like to specify the Primary Domain suffix for Windows 2000 workstations. Currently, we manually enter a suffix domain name under the TCP/IP properties, but IT staff sometimes forget to perform this step. Any help would be appreciated. Also, the DHCP/DNS Utility appears to have a display bug. The Directory Agent (Code 78) has been specified in my DHCP settings, but no value is displayed unless I click on the Modify button. We are running ...

DNS security patch
Hi, running NW65SP7. I see since Aug 8th (TID#5032400) the security patch for the popular DNS issues has now been posted. What I'm wondering about is it necessary to post this to your server if your DNS is only used for internal queries? That is the DNS cannot be queried from outside the firewall? If not needed when an internal DNS only, then I won't bother installing and risking my environment, since there's no other fix mentioned in the release. Cheers James Jjb, > That is the DNS cannot be queried from outside the > firewall? Do you trust t...

move a netware 6.0 dns and dhcp server to a netware 6.5 dns and dhcp server
would appreciate if someone can step me through how to achieve above. I have checked all Novell tid and discussion forum and could not find steps referring to moving both dns and dhcp servers from a netware 6.0 sp4 server and to netware 6.5 sp4 server. Wai Chu In article <a4k8g.4419$U_.1361@prv-forum2.provo.novell.com>, Wai Meng CHU wrote: > could not find steps > referring to moving both dns and dhcp servers from a netware 6.0 sp4 server > and to netware 6.5 sp4 server. > That's because it's the same as long as you're moving from NW 5.0 ...

What is the best DNS/DHCP Book
I have an understanding of dns/dhcp but a novice level. I want to understand how to configure and properly use dns dhcp better and I would like to be pointed in the right direction. Specifically how it pertains to Novell. Jon Street Network Administrator Greater Johnstown School District CNE, ASE, CCA, A+ 518-762-5972 ...

DNS question for security (DMZ, Private and ISP DNS _
My customer DNS (two WIN 2000 AD) in the private will forward request to IIS 5 DNS in the DMZ. When registering the domain of the customer, would you use the ISP DNS for the customer's domain 2 DNS? Or you would use the DMZ's DNS Server in the DMZ and the ISP DNS for the secondary ??? I'm concerned about security.... JF Unless your customer has an arrangement for the ISP to host their public DNS, then it will do no good to have the ISP's DNS servers listed in the domain registry. Security wise, it would be better to have 2 dedicated DNS servers operating in s...

DNS SECURITY ALGORITHM NUMBERS DNS KEY and SIG RRs
DNS SECURITY ALGORITHM NUMBERS

DNS KEY and SIG RRs [RFC2535] use an 8-bit number used to identify the security algorithm being used:

Number     Description                           Reference
---------  ------------------------------------  ---------
0          Reserved
1          RSA/MD5                               [RFC2537,RFC1321] deprecated, see 5
2          Diffie-Hellman                        [RFC2539]
3          DSA/SHA1                              [RFC2536,DSA,SHA-1]
4          Reserved for Elliptic Curve Crypto
5          RSA/SHA-1                             [RFC3110]
6 - 251    Reserved by the IANA
252 ...

DNS Server Red X in DNS/DHCP Management Console
When I startup named.nlm, I get this: Starting eDirectory integrated Novell DNS Server... error: could not listen on UDP socket: address in use error: creating IPv4 interface Loopback Interface 1 failed; interface ignored error: could not listen on UDP socket: address in use error: creating IPv4 interface Loopback Interface 2 failed; interface ignored Loading the configuration and zone data completed. DNS Server running I can't seem to find any info on any of those errors. Also, in the DNS/DHCP Management Console it shows up as a red X. Other than that, it seems t...

Configure PTR record for DNS using DNS /DHCP Management cons
Hello I am running Novell Netware 6.5 sp7 and am having troubles when I do a nslookup it displays can't find server name for address <server ip> Non existent domain. My google searching has led me to believe this is because I don't have a ptr record setup in my DNS. Any advice on how to set this up would be greatly appreciated. Thanks Jake -- edmundrice ------------------------------------------------------------------------ Please post this in the DNS-DHCP forum, thanks. -- Andrew C Taubman Novell Knowledge Partner http://forums.novell.co...

0.0.0.0 for DNS server IP address in DNS/DHCP console
In DNS/DHCP management console I have a red X across the DNS server object which doesn't go away and it shows 0.0.0.0 in the DNS Server IP Address field instead of actual DNS server IP address. How can I edit it and change it to the correct server IP address? Any help would be appreciated -- nsafa ------------------------------------------------------------------------ nsafa, It appears that in the past few days you have not received a response to your posting. That concerns us, and has triggered this automated reply. Has your problem been resolved? If not...
