Versions Compared

Old Version 1

changes.mady.by.user Steven Kim

Saved on

compared with

New Version 2

changes.mady.by.user Adiel Akplogan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Recursive Server for Enterprise Network,

...

ISPs (Not Public & Open Resolvers)

  1. Best Practices

    1. Hardening the Operating Service Environment
      2. Service


      1. Must 
        1. Limit Access
        2. Enable DNSSEC Validation

      2. Should
        1. Enable QNAME Minimization

      3. May
        1. Enable
        4. Encrypted Look-Up (DNS-over-TLS)
      4. Enable DOH
      5. System
        1. Must
          1. Limit Access
          2. Limit Services to Need 
        2. Should
          1. Document implementation
          2. Maintain Version Control
          3. Monitoring Service performance, Intrusions, Errors, etc
      6. Network
      7. Must
        1. Limit Access
        2. Limit Services to Need 
      8. Should
      9. Documentation
      10. Version Control
        11. Monitoring for Intrusions, Errors, etc
        1. DoT
        2. Enable DOH
        3. NSEC Cashing (if validation is enabled)
    3. Establishing Implementation Guidelines
      1. How-Tos
      2. Checklists
      3. Configuration Processes
      4. Examples