Skip navigation
Menu
Compute Engines

A Sysadmin’s DNS Best Practices

  1. Create DNS zones in internal DNS servers to fight some obvious Web ads.
  2. Use OpenDNS (www.opendns.com) DNS servers as forwarders, to add an extra layer of security.
  3. Block the exact DNS protocols (UDP, TCP, or both) on the edge—the firewall—and on the server. Also, lock down the DNS server. I’ve found Windows Server 2003 SP1’s security configuration wizard very useful for these two tasks.
  4. Use Active Directory (AD)–integrated zones and secure dynamic updates.
  5. Restrict DNS replication only to the necessary DNS servers.
  6. Implement split DNS, if applicable.
  7. Use DNSstuff (www.dnsstuff.com) to get useful additional information—also helpful for troubleshooting.
  8. Get rid of NetBIOS over TCP and WINS. (Windows Server 2008 has a special DNS zone that eliminates the need for a WINS server.)
  9. Develop your own best practices list!
Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
empty cockpit of autonomous car
What Is a Real-Time Operating System, and Who Needs One?
Mar 05, 2024
ERP button on keyboard
5 ERP Trends to Watch in 2024
Jan 17, 2024
automation key on keyboard
Storage Management as a Case Study for Network Automation Adoption
Dec 21, 2023
Abstract technology concept lighting effect on dark blue background
Top 10 Stories About Compute Engines, Linux in 2023
Dec 18, 2023