A Domain Name System, or DNS, is necessary for businesses to run over the Internet. Unfortunately, even good DNS management systems are unable to protect businesses from service attacks and outages. So, what must businesses do to keep their DNS servers running while being attacked? Below are six pointers to help you keep your DNS safe.
- Keep your internal and external DNS servers separated: it is important to keep the servers that support browsing by internal users separated from the servers that show the world where you are. Build a strong internal DNS system, but never keep it with the DNS server that gives your location to the outside world. That way, if your external DNS servers are attacked, your internal users will still have access to the information they need to continue working.
- Separate your DNS service provider and domain name registrar: find a registrar that has a solid reputation when registering domain names. Make sure they have telephone support and strong security.
- Use one or two DNS service providers: unless you have a small business, never do this yourself. Instead, use one or two different providers to handle your external domain names, with at least three or four DNS servers overall. Since DNS services are inexpensive, it’s not difficult to pay for two providers. Also, make sure each DNS server is in a separate data center. Having them separated geographically is also helpful.
- Maintain control and speed up your updates by using DNS protocols: it is best to run a DNS server from which your service provider can pull data, without that server being advertised to the outside world. Your DNS service provider can then update your information by performing a DNS zone transfer. That way, you can quickly change names locally while keeping everything synchronized.
- Separate internal-use-only domains from public domains: for your internal users, find a domain that is related to your external domain. If you have services or information that are no one else’s business, use the second domain for them. For example, you may want to have your virtual private network (VPN) servers, Internet Message Access Protocol (IMAP), and webmail on the internal-use-only domain. This helps the reliability of your company because employees will still be able to access their emails and other information if your main domain is attacked.
- Regularly monitor for DNS server outages: the best way to do this is by using a third-party monitoring service. The service checks the DNS servers every few minutes to alert you if there is an outage.
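
A minimal version of the outage check from the last tip, which also compares SOA serials so that a provider that has stopped pulling zone transfers shows up as out of sync. This is an added example, not code from the original article; the function names, the 2-second timeout and the IPv4/UDP-only transport are assumptions.

```python
import secrets
import socket
import struct

def build_query(zone, qid):
    """Wire-format SOA query with RD=0, so the server answers from its own data."""
    labels = zone.rstrip(".").encode("ascii").split(b".")
    qname = b"".join(bytes([len(part)]) + part for part in labels) + b"\x00"
    return struct.pack("!6H", qid, 0, 1, 0, 0, 0) + qname + struct.pack("!2H", 6, 1)

def skip_name(msg, off):   # offset just past a (possibly compressed) domain name
    while msg[off] and msg[off] < 0xC0:
        off += msg[off] + 1
    return off + (2 if msg[off] else 1)

def parse_serial(msg, qid):
    """SOA serial from the first answer of an authoritative reply, else None."""
    rid, flags, qd, an = struct.unpack("!4H", msg[:8])
    if rid != qid or (flags & 0x8400) != 0x8400 or flags & 0x000F or an == 0:
        return None                        # wrong ID, not QR+AA, RCODE set, no answer
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4      # QNAME + QTYPE + QCLASS
    off = skip_name(msg, off)              # owner name of the answer
    if struct.unpack("!H", msg[off:off + 2])[0] != 6:    # 6 = SOA
        return None
    off = skip_name(msg, skip_name(msg, off + 10))   # RR fixed fields, MNAME, RNAME
    return struct.unpack("!I", msg[off:off + 4])[0]

def probe(ip, zone, timeout=2.0):
    """Ask one name server for the zone's serial; None means outage or bad reply."""
    qid = secrets.randbelow(1 << 16)
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_query(zone, qid), (ip, 53))
            return parse_serial(s.recvfrom(4096)[0], qid)
    except (OSError, struct.error, IndexError):
        return None

def audit(serials, min_servers=3):
    """serials maps server IP -> serial or None; returns a list of alert strings."""
    alerts = [f"{ip}: no valid SOA answer" for ip, s in serials.items() if s is None]
    live = {ip: s for ip, s in serials.items() if s is not None}
    if len(live) < min_servers:
        alerts.append(f"only {len(live)} of {len(serials)} servers answering")
    newest = max(live.values(), default=None)   # assumes serials only increase
    alerts += [f"{ip}: serial {s} behind {newest}" for ip, s in live.items() if s != newest]
    return alerts
```

Run it on a schedule from a host outside your own network, for example `audit({ip: probe(ip, "example.com") for ip in servers})`, where `servers` is a placeholder for the list of your authoritative server addresses.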
By following the simple steps above, you can protect your network and DNS servers. If you have more questions about network security, contact us at RedWave Technology Group, LLC today.