DISCUSSION 4
docx
keyboard_arrow_up
School
Southern New Hampshire University *
*We aren’t endorsed by this school
Course
210
Subject
Information Systems
Date
Dec 6, 2023
Type
docx
Pages
2
Uploaded by ProfessorHeat17493
CYB-210
The domain name system (DNS) protocol plays a critical role in enabling
network communications. Before you begin this discussion, consider
reviewing the optional resources in the Reading and Resources section of
this module, as you may want to use them to support your posts.
For your initial post,
discuss a potential consideration associated with the
use of DNS
. Frame your consideration in terms of potential impacts to
network architecture, organizational security, or technology management.
Consider the following DNS-related topics as the focus for your post:
Zones: resource record types and/or zone transfers
Zones: master (primary) zone versus slave (secondary) zones
Public DNS versus private DNS versus split DNS
DNS-related vulnerabilities: man-in-the-middle attacks, DNS cache
poisoning/DNS spoofing, Kaminsky DNS vulnerability, dynamic DNS
update vulnerabilities, or distributed denial of service (DDoS) attacks
Static DNS versus dynamic DNS (DDNS)
Hi Class,
A DNS Zone is a specific portion of the DNS namespace managed by a
specific organization or administrator.
Primary (Master) DNS zone you can
manage a host through this zone, and it is the holder of the original zone
files. Plus, it contains a read/write copy of the zone data. Secondary (Slave)
DNS zones can be them for better performance, backup, redundancy, and
for hiding your primary. Plus, it also holds a copy of the zone file. They load
zone data from the authoritative server allow you to balance the demand
of the servers and provide the backup if the primary goes down.
https://www.cloudns.net/blog/master-slave-dns/#:~:text=Primary
%20(Master)%20DNS%20zone%20%E2%80%93,Primary%2C%20for
%20backup%20and%20redundancy
.
https://www.cloudflare.com/learning/dns/glossary/dns-zone/#:~:text=A
%20DNS%20zone%20is%20a,root%20domain%20at%20the%20top
.
Respond to at least two of your peers by addressing one of the following:
Select a different frame of reference (infrastructure, security, or
maintenance) and compare the effect on the selected topic identified
in the original post.
Or
Provide additional considerations, advantages, or implications related
to the original post.
Hi Anthony,
Another vulnerability that you did not mention in your post was flooding. The flooding could
overwhelm the DNS servers with false requests on the server. Also, by hijacking where the
threat actors install malware and by changing the DNS settings. I do think having DNSSEC would
help prevent threat actors but making sure that there is low access to secure files always will
help too.
Hi Kenric,
I agree with you that using DNSSEC to protect the domain is a great source to protect it. But I
also think the companies should log all the DNS activities. Also, then by make sure the DNS
cache is locked and that the ACL is precise. Then keeping the DNS server constantly updated will
make it so threat actors are not able to get into the system if it was not updated.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help