S 2.452 Selection of a suitable DNS server product

Initiation responsibility: Head of IT, IT Security Officer

Implementation responsibility: IT Security Officer, Administrator

When procuring new DNS server products, the products can be selected so that only few personnel, technical, and organisational resources are needed during later operation to ensure a high level of security. In addition, DNS server products differ in their scope of services and ease of operation. The following aspects should be taken into consideration during procurement:

Syntax verification of the zone information

DNS server products support the administrator to differing degrees in creating syntactically correct zone files. When procuring the DNS server product, it should be defined how the master files are to be verified. If the master files are edited manually, tool-supported verification of the syntax of the zone information may be helpful. For example, the named-checkzone tool can be used to verify the syntax for a BIND DNS server. If a graphical front-end is used for editing the zone information, a two-man principle, for example, must be applied in order to ensure that the entered information is translated into syntactically correct zone information.
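The tool-supported verification described above can be made a fixed step before every reload of manually edited master files. The following is an added example, not part of the original safeguard text; the directory layout, the "<zone name>.zone" file naming, and the names check_zone_dir, CHECKZONE and ZONES_FAILED are assumptions made for this example.

```shell
#!/bin/sh
# Added example: refuse to deploy zone files that fail a syntax check.
# Assumptions (not from the safeguard text): all master files sit in one
# directory and are named "<zone name>.zone", e.g. example.org.zone.

# Checker to call; defaults to BIND's named-checkzone.
CHECKZONE="${CHECKZONE:-named-checkzone}"

# Number of zone files that failed in the last run of check_zone_dir.
ZONES_FAILED=0

# check_zone_dir DIR
#   Runs the checker on every *.zone file in DIR and prints one status line
#   per zone, followed by the checker's messages for failing zones.
#   Returns 0 if all zones pass, 1 if at least one fails,
#   2 if DIR is unusable or contains no zone files.
check_zone_dir() {
    dir="$1"
    checked=0
    ZONES_FAILED=0
    [ -d "$dir" ] || { echo "ERROR: $dir is not a directory" >&2; return 2; }

    for file in "$dir"/*.zone; do
        [ -f "$file" ] || continue           # glob matched nothing
        zone=$(basename "$file" .zone)       # example.org.zone -> example.org
        checked=$((checked + 1))
        # Invocation form: named-checkzone <zonename> <filename>
        if output=$("$CHECKZONE" "$zone" "$file" 2>&1); then
            echo "OK    $zone"
        else
            echo "FAIL  $zone"
            echo "$output" | sed 's/^/      /'
            ZONES_FAILED=$((ZONES_FAILED + 1))
        fi
    done

    # An empty directory must not count as "everything verified".
    if [ "$checked" -eq 0 ]; then
        echo "ERROR: no *.zone files found in $dir" >&2
        return 2
    fi
    [ "$ZONES_FAILED" -eq 0 ]
}

# Usage (the path is a placeholder): reload only if every zone passes.
#   check_zone_dir /path/to/zones && rndc reload
```

A syntax check of this kind only confirms that the file parses as a zone; whether the records themselves are the intended ones still has to be reviewed separately.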

Review questions: