Guarding your DNS against cache poisoning attacks

Tuesday, October 13, 2009

Every company uses DNS, and it is a critical part of the network: if DNS is down, virtually everything is down. Cache poisoning is the best-known attack against a DNS server. There are many ways to protect your DNS servers from cache poisoning. Below is a quick list to help ensure you don't become a victim of DNS cache poisoning.

1) Restrict DNS recursion to only authorized queriers, or disable it entirely.
2) Restrict DNS zone transfers to authorized secondary name servers.
3) Use forwarders to limit exposure.
4) Run the latest name server software.
5) Secure the platform: OS, applications, daemons, etc. Running the latest version, patching, and a secure configuration are a must.
6) Check your work: ensure there are no configuration errors in your DNS config file.
7) Limit administrative access.
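As an added example (not from the original post), the following Python checker covers items 1, 2 and 6 above for a BIND 9 style named.conf: it flags open recursion, open zone transfers and a disclosed version string, and shows a weak options block beside a hardened one. The sample configurations, ACL names and addresses are constructed for illustration; the checker assumes each statement starts on its own line.

```python
import re

# Constructed sample: open recursion, open zone transfers, version disclosed.
WEAK_CONF = """
options {
    directory "/var/named";
    recursion yes;
    allow-transfer { any; };
};
"""

# Constructed sample: recursion limited to an internal ACL, transfers limited
# to the named secondaries, version string hidden (hypothetical addresses).
HARDENED_CONF = """
acl "internal" { 10.0.0.0/8; 192.168.1.0/24; };
acl "secondaries" { 192.168.1.53; };
options {
    directory "/var/named";
    recursion yes;
    allow-recursion { "internal"; };
    allow-transfer { "secondaries"; };
    version "none";
};
"""

def option(conf, name):
    """Return the value of a `name ...;` statement, or None if absent.
    Values are a simple token (yes, no, "none") or a brace list ({ any; })."""
    m = re.search(r'^\s*' + re.escape(name) + r'\s+(\{[^}]*\}|[^;{]+);', conf, re.M)
    return m.group(1).strip() if m else None

def is_open(acl):
    """An address-match list that is missing or contains `any` is treated as
    open to everyone (the conservative reading of the defaults)."""
    return acl is None or re.search(r'\bany\b', acl) is not None

def audit(conf):
    """Return a list of finding tags for the cache-poisoning exposures."""
    findings = []
    if option(conf, "recursion") != "no" and is_open(option(conf, "allow-recursion")):
        findings.append("open-recursion")      # item 1: restrict or disable recursion
    if is_open(option(conf, "allow-transfer")):
        findings.append("open-zone-transfer")  # item 2: transfers only to secondaries
    if option(conf, "version") is None:
        findings.append("version-disclosed")   # item 4/5: don't advertise the software
    return findings

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(conf) or "no findings")
```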

