S 6.139 Creation of a business continuity plan for DNS servers
Initiation responsibility: IT Security Officer, Head of IT
Implementation responsibility: Administrator
The failure of DNS in an information system has a serious effect on the operation of the IT infrastructure. The problem is not the failure of the DNS system itself, but the restricted use of and access to DNS-based services that results from it: web servers can no longer be accessed and remote maintenance no longer functions.
Depending on which DNS servers fail, name resolution within the organisation and/or from outside no longer functions. If name resolution from outside no longer functions, the problem will usually become publicly known quickly, which might damage the organisation's reputation if such failures occur regularly or last for longer periods of time.
It is therefore necessary to draw up a concept detailing how the effects of such a failure can be minimised and which action needs to be taken if a failure occurs. When determining this action, the following aspects should be considered:
- The contingency planning for DNS servers must be integrated into the existing business continuity plan (see also module S 1.3 Business continuity management).
- A system failure may result in the loss of data. Thus, a data backup policy must be prepared for the zone files. This policy must be integrated into the existing data backup policy (see module S 1.4 Data backup policy).
- In addition to the business continuity plan for the DNS server, a business continuity plan must also be drawn up for the underlying operating system.
- In order to operate a DNS server for requests from the Internet, a functioning Internet connection is required.
- The system configuration must be documented (see S 2.25 Documentation of the system configuration). Important tasks must be described in such a way that the overall system can be restored by IT employees in the event of an emergency even without prior knowledge of this system configuration.
- If the malfunction was the result of an attack, the vulnerability must be eliminated and documented.
- A recovery plan must be drawn up that guarantees that the IT system(s) can be booted in a controlled manner.
- The business continuity plan should be tested for its feasibility.
Review questions:
- Does a business continuity plan exist for the DNS server?
- Was the business continuity plan for DNS servers integrated accordingly into the existing business continuity plans?
- Was the business continuity plan for DNS servers documented accordingly?