Several effective ways to protect DNS servers

Source: Internet
Author: User

DNS software is a favorite target of attackers, and a compromised DNS service can cause serious security problems, so DNS security is a particularly important part of network security protection. Drawing on relevant data and years of experience, this article lists four effective methods for protecting DNS servers, for the reader's reference.

1. Using DNS Forwarders

A DNS forwarder is a DNS server that completes DNS queries on behalf of other DNS servers. The primary purpose of using a DNS forwarder is to reduce the DNS processing load by handing query requests from the DNS server to the forwarder, and to benefit from the forwarder's potentially larger DNS cache.

Another benefit of using a DNS forwarder is that it keeps the DNS server from communicating directly with Internet DNS servers. This is important if your DNS server holds the DNS resource records of your internal domain. Instead of having the internal DNS server perform recursive queries and contact Internet DNS servers directly, configure it to use a forwarder for all requests for which it is not authoritative.

2. Use a caching-only DNS server

A caching-only DNS server is not authoritative for any domain names. It either performs recursive queries itself or uses a forwarder. When the caching-only DNS server receives a response, it saves the result in its cache and returns it to the system that sent the DNS query. Over time, a caching-only DNS server can collect a large number of DNS responses, which can greatly shorten the time it takes to answer DNS queries.

Using a caching-only DNS server that is under your own administrative control as a forwarder can improve your organization's security. Internal DNS servers can use the caching-only DNS server as their forwarder, and the caching-only DNS server performs recursive queries on behalf of your internal DNS servers. Using your own caching-only DNS server as a forwarder improves security because you do not need to rely on your ISP's DNS server as a forwarder, especially if you can't verify the security of your ISP's DNS servers.

3. Using DNS Advertisers

A DNS advertiser is a DNS server that is responsible for resolving queries for the domains it is authoritative for. For example, if you host publicly available resources for domain.com and corp.com, your public DNS server should be configured with the DNS zone files for domain.com and corp.com.

What sets a DNS advertiser apart from other DNS servers that host DNS zone files is that the advertiser answers queries only for the domain names it is authoritative for. This DNS server does not recursively query other DNS servers, which makes it impossible for users to use your public DNS server to resolve other domain names. This increases security by reducing the risks associated with running a public DNS resolver, including cache poisoning.
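One way to verify the advertiser behaviour described above, as an added example that is not part of the original article: build a query for a name outside your zones with the "recursion desired" bit set, then classify the reply header. The name example.org, the verdict labels and the sample responses are constructed for illustration, and the classification rules are an assumption about what a defender would want to flag.

```python
import struct

def build_query(name: str, qid: int) -> bytes:
    """Encode an A/IN question for `name` with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header (RFC 1035, section 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "qr": (flags >> 15) & 1, "aa": (flags >> 10) & 1,
            "ra": (flags >> 7) & 1, "rcode": flags & 0xF, "ancount": an}

def audit_advertiser(response: bytes, qid: int) -> str:
    """Classify the reply to an out-of-zone query sent to a public DNS advertiser."""
    h = parse_header(response)
    if h["id"] != qid or not h["qr"]:
        return "invalid"             # not a response to our query
    if h["ra"]:
        return "open-recursion"      # server offers recursion to this client
    if h["rcode"] == 0 and h["ancount"] > 0 and not h["aa"]:
        return "answers-from-cache"  # non-authoritative data served to outsiders
    return "authoritative-only"      # e.g. REFUSED, or a referral with no answers

# Constructed sample replies (no network traffic is generated).
QID = 0x1234
QUESTION = build_query("example.org", QID)[12:]
ANSWER_RR = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
REFUSED = struct.pack("!HHHHHH", QID, 0x8105, 1, 0, 0, 0) + QUESTION
OPEN_RESOLVER = struct.pack("!HHHHHH", QID, 0x8180, 1, 1, 0, 0) + QUESTION + ANSWER_RR
CACHED = struct.pack("!HHHHHH", QID, 0x8100, 1, 1, 0, 0) + QUESTION + ANSWER_RR

if __name__ == "__main__":
    for label, reply in (("refused", REFUSED), ("open", OPEN_RESOLVER), ("cached", CACHED)):
        print(label, "->", audit_advertiser(reply, QID))
```

A correctly configured advertiser should produce the `authoritative-only` verdict for any name outside its own zones.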

4. Use a DNS Resolver

A DNS resolver is a DNS server that can perform recursive queries to resolve names for domains for which it is not authoritative. For example, you might have a DNS server on your internal network that is authoritative for the internal network domain name internalcorp.com. When a client on the network uses this DNS server to resolve techrepublic.com, the DNS server performs recursion by querying other DNS servers for the answer.

The difference between this DNS server and a DNS resolver is that the DNS resolver is used only for resolving Internet host names. A DNS resolver can be a caching-only DNS server that is not authoritative for any DNS domain names. You can make the DNS resolver available only to internal users, or only to external users, so that you do not have to set up a DNS server outside your control, thereby improving security. Of course, you can also allow the DNS resolver to be used by both internal and external users.
