[dns-operations] Best practice for securing DNS record
Grant Taylor
gtaylor at tnetconsulting.net
Thu Feb 10 19:31:05 UTC 2022
On 2/10/22 9:02 AM, Subramanian, Karthikeyan via dns-operations wrote:
> Best practice for securing DNS A records and other records.
This is a one word answer to me; "DNSSEC".
> Mainly focusing on “A” records configured in DNS system are secure and
> not stale.
Stale data in your DNS zones is not really a DNS problem per se any more
than it's your fridge's problem that the food is old and now moldy.
> Few points collected.
>
> -> Check the IP address that belong to our organization
That's a DNS /data/ problem. (See above.)
> -> Check the IP are active and not opened to all the ports
> -> Check the certificate are valid/secure, if its responding in
> application layer (http , https)
These are outside of the scope of DNS.
> Do you have any best practice guidelines for A records. Want to check if
> any available TOOL to validate the records are safe on the DNS layer.
The "DNS layer" translates names to IPs, IPs to names, and a few other
less common things.
What is on the other end of the names / IPs is outside of the DNS scope
of influence.
--
Grant. . . .
unix || die
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4017 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20220210/5c427896/attachment.bin>
More information about the dns-operations
mailing list