16.8. DNS Best Practices

Over the years, DNS has had a variety of weaknesses. A common cause of these vulnerabilities is improper security configuration of DNS servers. More recently, though, there have been attacks against even the best-defended servers. Some of these attacks seem fairly innocuous, such as gaining useless information about an environment, while others have been known to forward data through the DNS responder to execute arbitrary commands. We suggest keeping public-facing DNS on a server outside your environment (with your registrar, perhaps) so that other servers can find your domain for mail and web services without exposing your environment to attack.

A good number of other services require DNS to function ...

Get Enterprise Mac Security: Mac OS X Snow Leopard now with the O’Reilly learning platform.
