
	Home > Windows Tips > > Why protect DNS?

Win IT Tips:

EMAIL THIS

TIPS & NEWSLETTERS TOPICS

Why protect DNS?

James Michael Stewart
07.06.2004
Rating: -2.49- (out of 5)

Digg This!

StumbleUpon

Del.icio.us

Active Directory depends upon DNS. If DNS fails, so does Active Directory. This, in turn, means that if DNS fails, your entire network may be disabled. Many of the functions and features of AD use DNS to locate domain controllers, systems, services, clients, and other objects. It should be obvious that protecting DNS is almost as important as protecting AD itself.

But some of you may not be fully convinced that the cost in dollars, time, and effort to protect DNS are as warranted as that to protect AD. So, consider the following...

Active Directory and DNS work in a distributed environment. Multiple servers host these services and their ability to interact with each other and the rest of the network allows them to provide the essential services of the network (i.e. directory services and name resolution). This eliminates single points of failure, provides for efficient operation through shared resources, and can be designed to mimic the organizational hierarchy of the company.

However, distributed environments offer attackers or even mis-guided users numerous methods of interfering with normal operations:

Communications between DNS servers may be corrupted
Communications between DNS servers may be blocked
DNS databases may become corrupted
DNS databases may be intentionally poisoned with false data
DNS servers may be disabled or shut down
DNS servers may be the target of a DoS attack
Physical connections to DNS servers may be damaged

If any of these types of attacks or unwanted occurrences are imposed on a network, this may cause clients and DCs to communicate with unauthorized DNS servers or DCs or simply prevent clients and DCs from being able to locate and communicate with each other.

Providing protection for DNS as a means to provide additional protection for AD DCs is an essential part of establishing a truly secure networking environment. In later tips I'll discuss some of the techniques you can employ to improve DNS security and reliability.

James Michael Stewart is a partner and researcher for ITinfopros, a technology-focused writing and training organization.

Rate this Tip
To rate tips, you must be a member of SearchWinIT.com. Register now to start rating these tips. Log in if you are already a member.

Digg This!

StumbleUpon

Del.icio.us

RELATED RESOURCES

	2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
	Search Bitpipe.com for the latest white papers and business webcasts
	Whatis.com, the online computer dictionary

DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

SEARCH

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 1999 - 2008, TechTarget \| Read our Privacy Policy