[dns-operations] A DNS and network security forced marriage
Patrick, Robert
Robert.Patrick at hq.doe.gov
Fri Mar 12 17:26:48 UTC 2010
Using a black list of malicious domains to block (e.g. return wildcard 127.0.0.1 responses for all A records, or provide an IP of a target system within your own network to catch and log all traffic requests) is a practice in use within a growing number of organizations as a countermeasure against malware, adware, etc.
The concept is an extension of an RBL for use beyond just fighting spam.
Careful on blocking TLD (example: .cn) and second-level domains (example: foo.com) as this can quickly result in breaking legitimate traffic. But, blocking against third-level and higher names should have relatively low impact for most enterprises.
I recommend implementing a white-list to ensure any submissions to your black list don't inadvertently break sites you _must_ access (said differently, any such block against white-list names should require special approval), which for U.S. government agencies may include ".gov", ".mil", off-site applications hosted with contractors, business partners, etc.
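The decision logic the post sketches (sinkhole answers for blocked names, a rule against TLD and second-level blocks, and a white-list that blocks may not override without special approval) can be expressed as a small policy engine. The following is an added example, not code from the original post or from any resolver product; the list entries, the sinkhole address and the `BlockPolicy` / `rejection_reason` names are constructed for illustration, and a real deployment would feed the resulting decisions into a resolver feature such as a response-policy zone rather than resolve queries in Python.

```python
# Added example (not from the original post): a minimal decision engine for the
# DNS black-list / white-list scheme described above. All names, addresses and
# list entries are constructed for illustration.
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional


def normalize(name: str) -> str:
    """Canonical form: lower-case, no trailing dot, no surrounding whitespace."""
    return name.strip().lower().rstrip(".")


def labels(name: str) -> int:
    """Number of DNS labels ("foo.com" -> 2, "cn" -> 1)."""
    return len(normalize(name).split("."))


def matches(qname: str, entry: str) -> bool:
    """True if qname is entry itself or lies below it in the DNS tree."""
    qname, entry = normalize(qname), normalize(entry)
    return qname == entry or qname.endswith("." + entry)


@dataclass
class BlockPolicy:
    sinkhole_ip: str = "127.0.0.1"  # or an internal logging host you control (constructed)
    blocklist: set[str] = field(default_factory=set)
    allowlist: set[str] = field(default_factory=set)
    approved: set[str] = field(default_factory=set)  # entries cleared by special approval

    def allowlisted_by(self, qname: str) -> Optional[str]:
        """Return the white-list entry covering qname, or None."""
        return next((e for e in self.allowlist if matches(qname, e)), None)

    def add_block(self, entry: str, approved: bool = False) -> None:
        """Accept a black-list submission, enforcing the two safeguards from the
        post: no TLD / second-level blocks and no blocks that hit white-listed
        names unless the submission carries special approval."""
        entry = normalize(entry)
        if labels(entry) <= 2 and not approved:
            raise ValueError(f"{entry}: TLD/second-level block needs special approval")
        if self.allowlisted_by(entry) and not approved:
            raise ValueError(f"{entry}: conflicts with white-list, needs special approval")
        self.blocklist.add(entry)
        if approved:
            self.approved.add(entry)

    def resolve(self, qname: str, qtype: str = "A") -> tuple[str, Optional[str]]:
        """Decide what the resolver should do for one query.
        ("pass", None)     -> forward normally
        ("sinkhole", ip)   -> answer an A query with the sinkhole address
        ("blocked", None)  -> blocked name queried for a non-A type; no sinkhole answer"""
        qname = normalize(qname)
        # The most specific (longest) matching black-list entry wins.
        hits = sorted((e for e in self.blocklist if matches(qname, e)), key=len, reverse=True)
        if not hits:
            return ("pass", None)
        entry = hits[0]
        if self.allowlisted_by(qname) and entry not in self.approved:
            return ("pass", None)  # white-list wins over an unapproved block
        if qtype.upper() == "A":
            return ("sinkhole", self.sinkhole_ip)
        return ("blocked", None)


def rejection_reason(policy: BlockPolicy, entry: str, approved: bool = False) -> Optional[str]:
    """Dry-run a submission on a copy of the policy; None means it would be accepted."""
    trial = BlockPolicy(policy.sinkhole_ip, set(policy.blocklist),
                        set(policy.allowlist), set(policy.approved))
    try:
        trial.add_block(entry, approved)
    except ValueError as err:
        return str(err)
    return None


def build_demo_policy() -> BlockPolicy:
    """Constructed sample lists in the spirit of the post's examples."""
    p = BlockPolicy()
    p.allowlist.update({"gov", "mil", "partner.example"})
    p.add_block("malware.evil.example")                # third-level: accepted outright
    p.add_block("ads.example", approved=True)          # second-level: needs approval
    p.add_block("bad.partner.example", approved=True)  # under a white-list name: needs approval
    return p


if __name__ == "__main__":
    policy = build_demo_policy()
    for q in ["www.malware.evil.example", "cdn.ads.example", "portal.partner.example",
              "bad.partner.example", "www.example.gov"]:
        print(q, "->", policy.resolve(q))
    print("submit 'cn' ->", rejection_reason(policy, "cn"))
```

Every `sinkhole` decision is a candidate log line: the querying client and the matched entry are exactly what an incident responder wants when the sinkhole host starts receiving connections.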