Tuesday, December 16, 2008

Identify and Mitigate Windows DNS Threats

Two weeks ago we took a look at what you need to do to prepare for a Windows DNS deployment, and how to blend Unix-based DNS with your Active Directory (AD) structure. This week we're back to consider several threats you need to be aware of, and steps you need to take to protect your Windows-based DNS servers and network.

Footprinting, for instance, is an attack in which an attacker uses a zone transfer to obtain information about your DNS zones and your network.

Zone transfers can be blocked at the firewall and routers on the perimeter of your network. DNS client queries are transmitted on UDP port 53, and TCP port 53 is used for zone transfers. Zone transfers to hosts outside the protected network (outside your firewall) via TCP port 53 should be avoided.
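The port split described above gives a perimeter sensor something concrete to look for. As an added example (not from the original post), the Python below parses a TCP-framed DNS request and flags zone-transfer queries (AXFR/IXFR) whose source lies outside the protected network; the `PROTECTED` ranges, the function names and the sample zone `corp.example` are assumptions.

```python
import ipaddress
import struct

AXFR, IXFR = 252, 251  # zone-transfer query types (RFC 1035, RFC 1995)
# Assumption: address ranges that count as "inside the firewall".
PROTECTED = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]

def build_query(name, qtype, msg_id=0x1234):
    """Build a DNS query with the 2-byte length prefix used over TCP."""
    header = struct.pack("!HHHHHH", msg_id, 0x0000, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    msg = header + qname + struct.pack("!HH", qtype, 1)  # class IN
    return struct.pack("!H", len(msg)) + msg

def parse_tcp_query(data):
    """Return (zone, qtype) from a TCP-framed DNS query, or None if malformed."""
    if len(data) < 2 + 12:
        return None
    (length,) = struct.unpack("!H", data[:2])
    msg = data[2:2 + length]
    if len(msg) != length or length < 12:
        return None  # truncated segment or bogus length prefix
    flags, qdcount = struct.unpack("!HH", msg[2:6])
    if flags & 0x8000 or qdcount != 1:  # QR bit set means a response, not a request
        return None
    labels, pos = [], 12
    while pos < len(msg) and msg[pos] != 0:
        n = msg[pos]
        if n > 63 or pos + 1 + n > len(msg):  # compression pointer or overlong label
            return None
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    if pos + 5 > len(msg):  # need the root byte plus QTYPE and QCLASS
        return None
    qtype, _qclass = struct.unpack("!HH", msg[pos + 1:pos + 5])
    return ".".join(labels), qtype

def is_external_transfer(src_ip, data):
    """True when a zone-transfer request arrives from outside PROTECTED."""
    parsed = parse_tcp_query(data)
    if parsed is None or parsed[1] not in (AXFR, IXFR):
        return False
    addr = ipaddress.ip_address(src_ip)
    return not any(addr in net for net in PROTECTED)

if __name__ == "__main__":
    pkt = build_query("corp.example", AXFR)  # constructed sample request
    print(is_external_transfer("203.0.113.7", pkt), is_external_transfer("10.1.2.3", pkt))
```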
