S 2.453 Withdrawal from operation of DNS servers

Initiation responsibility: Head of IT, IT Security Officer

Implementation responsibility: Administrator

If it is decided to withdraw a DNS server from operation, for example because the domain is discontinued, several items must be taken into consideration. Among other things, the withdrawal plan is intended to prevent references to DNS servers that no longer exist from remaining in the domain name space.

Deletion/disposal of the storage media

The storage media of all affected computers must be securely deleted before they are reused (see S 2.167 Selecting suitable methods for deleting or destroying data). If disposal of the hardware is planned, it must be disposed of in a secure manner (see S 2.13 Correct disposal of resources requiring protection).

Deletion of a DNS server from the domain name space

If the DNS server has not been registered with the superior domain, no further steps are required. However, if the DNS server has been registered with the superior domain, the withdrawal from operation must be announced to the administrators of this superior domain so that they delete all zone entries of the withdrawn DNS server from the superior domain.

Deleting the system from the general network

All references at the network and operating system level must be deleted. If the withdrawn server is entered as the standard DNS server in the organisation's internal system, these entries must be deleted. Zone transfers configured between the withdrawn DNS server and the remaining DNS servers must be deleted as well.
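
The checks described under "Deletion of a DNS server from the domain name space" and "Deleting the system from the general network" can be supported by a scan for leftover references. The following is an added example, not part of the original safeguard: it assumes BIND-style zone file and named.conf syntax and a resolv.conf-style resolver file, and all host names, addresses, sample contents and function names are constructed for illustration.

```python
import re

# Constructed sample configuration (BIND-style syntax assumed); all names and
# addresses are documentation values, not taken from any real system.
SAMPLES = {
    "zone": """$ORIGIN example.org.
@       IN NS  ns1.example.org.
@       IN NS  ns-old.example.org.
ns1     IN A   192.0.2.1
ns-old  IN A   192.0.2.53   ; glue for the old server
www     IN A   192.0.2.80
""",
    "resolv": "search example.org\nnameserver 192.0.2.53\nnameserver 192.0.2.1\n",
    "named": """zone "example.org" {
    type master;
    allow-transfer { 192.0.2.53; 192.0.2.2; };
    also-notify { 192.0.2.5; };
};
""",
}
COMMENT = {"zone": r";.*", "resolv": r"[#;].*", "named": r"(//|#).*"}

def find_references(kind, text, fqdn, ip, origin):
    """Return (kind, line_no, line) for each line still naming the withdrawn server."""
    fqdn, origin = fqdn.rstrip(".").lower(), origin.rstrip(".").lower()
    wanted = {fqdn, fqdn + ".", ip}
    if kind == "zone" and fqdn.endswith("." + origin):
        wanted.add(fqdn[: -len(origin) - 1])      # relative owner name, e.g. "ns-old"
    hits = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = re.sub(COMMENT[kind], "", raw).lower()
        # Compare whole tokens so that 192.0.2.5 does not match 192.0.2.53.
        tokens = {t for t in re.split(r"[\s{};]+", line) if t}
        if wanted & tokens:
            hits.append((kind, no, raw.strip()))
    return hits

def audit(fqdn, ip, origin):
    """Scan every sample source and collect the remaining references."""
    return [hit for kind, text in SAMPLES.items()
            for hit in find_references(kind, text, fqdn, ip, origin)]

if __name__ == "__main__":
    for kind, no, line in audit("ns-old.example.org", "192.0.2.53", "example.org"):
        print(f"{kind}:{no}: {line}")
```

An empty result for the withdrawn server's name and address across all scanned sources indicates that no references remain in the files that were checked.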

Review questions: