DNS Best Practices

DNS services, while essential to modern business, are largely either misunderstood or neglected. Managing DNS has traditionally been a very technical undertaking. DNS services are many times becoming a victim of their past reliable performance and are being taken for granted. However, the nature of the traditional computer network is changing, partially due to the introduction of new network usage patterns such as through wireless devices and VoIP telephones. There has also been a jump in the traffic loads on networks, reflecting the increased reliance on packet networks for intercommunication with these new devices.

DNS services remain essential to these networks. Without DNS, most resources on the network quickly become unreachable. Since the DNS management and service provision for many networks has not been scaled to match this growth, a situation exists where the funtionality of many entire networks can be compromised either through human error or a through set of easily implemented attacks. Compromises include Denial of Service (DoS) attacks that render DNS unavailable and more subtle attacks such as cache poisoning which can deliver users to fraudulent web sites masquerading as legitimate sites.