DNS Configuration and Management Manual (G06.27+, H06.05+, J06.03+)
DNS Configuration on the NonStop Server
HP DNS Configuration and Management Manual—529432-003
3-8
Remote Caching Corruption Threat
Remote Caching Corruption Threat
At this time, securing resolvers is not standardized. Resolver queries are classified as
a client-to-client threat.
Implementing DNS Security Solutions
You can use several tools and techniques exist to control the possible security threats
in your DNS architecture. For simplicity in providing examples, this subsection
assumes that you are either running DNS on your NonStop server internally and need
just basic security or that you are connecting the NonStop server to the Internet and
need maximal security. Some methods apply to both scenarios.
Figure 3-5. Remote Caching Corruption Threat, Client to Client
Note. RFC 3833, Threat Analysis of the Domain Name System (DNS), provides an important
analysis of security threats and the limitations to DNSSEC.
vst006.vsd
master
server
master
server
DHCP
server
Possible Security Threats
zone files
slave
server
slave
server
remote
caching
server
Client
Client
Resolver Queries