Chapter 13. DNS Security

DNS is complex, and can be difficult to understand. This complexity is compounded by often conflicting advice on how DNS should be managed. Most of this advice is accurate, depending on your needs, but it is important to understand that not all advice applies equally to all situations.

As with any other part of the network, there are several aspects of DNS security that need to be addressed:

  • The domain name

  • The authoritative DNS server

  • Individual zone files

  • The caching DNS server

Before understanding the idea behind DNS security strategies, it is important to know a little of the history of DNS. When the Internet was still a project, called ARPANET, run by DARPA, administrators realized they needed an easy way for machines ...

Get The Practice of Network Security: Deployment Strategies for Production Environments now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.