Securing DNS Servers
When planning the security of DNS servers, you should prepare for attacks against both DNS clients and DNS servers. Either type of attack can lead to clients being directed to unauthorized DNS servers or referenced to incorrect servers by fraudulent DNS resource records. By implementing the following security measures, you can reduce the probability of a successful attack against your DNS servers. These measures increase the security of your DNS servers and lessen the chances of a successful attack:
Implementing Active Directory–integrated zones
Implementing separate internal and external DNS name servers
Restricting zone transfers
Implementing IP Security (IPSec) between DNS clients and DNS servers
Restricting DNS traffic at ...
Get Microsoft® Windows® Security Resource Kit, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
