||Protect DNS (Domain Name System) from Poisoning: Service Providers, Network Operators, and Equipment Suppliers should mitigate the possibility of DNS cache poisoning by using techniques such as 1) Preventing recursive queries, 2) Configure short (2 day) Time-To-Live for cached data, 3) Periodically refresh or verify DNS name server configuration data and parent pointer records. Service Providers, Network Operators, and Equipment Suppliers should participate in forums to define an operational implementation of DNSSec.
||Service Provider; Network Operator
||Cyber Security;Network Design;Network Elements;Network Operations;
||RFC-1034, RFC-1035, RFC-2065, RFC-2181, RFC-2535, ISC BIND 9.2.1 US-CERT "Securing an Internet Name Server" (http://www.cert.org/archive/pdf/dns.pdf).