||Recover from Compromised DNS (Domain Name System) Servers or Name Record Corruption: If the DNS (Domain Name System) server has been compromised or the name records corrupted, Service Providers and Network Operators should first flush the DNS cache and, failing that, implement the pre-defined disaster recovery plan. Elements may include but are not limited to: 1) bring-on additional hot or cold spare capacity, 2) bring up a known good DNS server from scratch on different hardware, 3) Reload and reboot machine to a know good DNS server software (from bootable CD or spare hard drive), 4) Reload name resolution records from a trusted back-up. After the DNS is again working, conduct a post-mortem of the attack/response.
||Cable; Internet/Data; Satellite; Wireless; Wireline
||Service Provider; Network Operator
||Cyber Security;Disaster Recovery;Emergency Preparedness;
||RFC-2870, ISO/IEC, 15408, ISO 17799, US-CERT "Securing an Internet Name Server".