Your browser has JavaScript turned off.
You must turn it on to proceed.










NORS -- CSRIC Best Practices Result

CSRIC Best Practices Result

Detailed Information for the Best Practice: 9-8-8048

Number 9-8-8048
Priority Highly Important
Description Protect DNS (Domain Name System) from Poisoning: Service Providers, Network Operators, and Equipment Suppliers should mitigate the possibility of DNS cache poisoning by using techniques such as 1) Preventing recursive queries, 2) Configure short (2 day) Time-To-Live for cached data, 3) Periodically refresh or verify DNS name server configuration data and parent pointer records. Service Providers, Network Operators, and Equipment Suppliers should participate in forums to define an operational implementation of DNSSec.
Network Type(s) Internet/Data
Industry Role(s) Service Provider; Network Operator
Keyword(s) Cyber Security;Network Design;Network Elements;Network Operations;
Reference/Comments RFC-1034, RFC-1035, RFC-2065, RFC-2181, RFC-2535, ISC BIND 9.2.1 US-CERT "Securing an Internet Name Server" (http://www.cert.org/archive/pdf/dns.pdf).