--- Begin Message ---
On 2/10/22 9:02 AM, Subramanian, Karthikeyan via dns-operations wrote:
Best practice for securing DNS A records and other records.
This is a one word answer to me; "DNSSEC".
Mainly focusing on “A” records configured in DNS system are secure and
not stale.
Stale data in your DNS zones is not really a DNS problem per se any more
than it's your fridge's problem that the food is old and now moldy.
Few points collected.
-> Check the IP address that belong to our organization
That's a DNS /data/ problem. (See above.)
-> Check the IP are active and not opened to all the ports
-> Check the certificate are valid/secure, if its responding in
application layer (http , https)
These are outside of the scope of DNS.
Do you have any best practice guidelines for A records. Want to check if
any available TOOL to validate the records are safe on the DNS layer.
The "DNS layer" translates names to IPs, IPs to names, and a few other
less common things.
What is on the other end of the names / IPs is outside of the DNS scope
of influence.
--
Grant. . . .
unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
--- End Message ---
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
