What are the risks of managing internal DNS records via an external DNS service?
-
Security through obscurity is considered bad. I understand that internal topology is revealed and reconnaissance becomes easy if I expose my internal DNS information to the world. However, if proper ACLs and firewalls are in place to restrict hostile ingress traffic, what are the arguments for not exposing internal DNS records(apart from defense-in-depth)? Note: I am assuming that the DNS records themselves are protected against tampering/hijacking.
-
Answer:
Your caveat assumption is a very bad one. DNS is not protected from tampering nor hijacking, nor man-in-the-middle (MITM) attacks. So the best way to break into your internal networks are to redirect employee requests for internal resources to hostile servers that engage in credential stealing and/or social engineering. Giving an attacker knowledge of server names and their (likely RFC 1918) addresses is of much less concern in comparison.
Adam Gering at Quora Visit the source
Related Q & A:
- What's the difference is between 'Internal Medicine' and 'General Practice?Best solution by Yahoo! Answers
- What is the difference between internal customer service and external customer service?Best solution by Yahoo! Answers
- What are the risks of opening an email attachment?Best solution by Yahoo! Answers
- What is the different between internal DNS and external DNS?Best solution by answers.yahoo.com
- What should I wear to an internal job interview?Best solution by Yahoo! Answers
Just Added Q & A:
- How many active mobile subscribers are there in China?Best solution by Quora
- How to find the right vacation?Best solution by bookit.com
- How To Make Your Own Primer?Best solution by thekrazycouponlady.com
- How do you get the domain & range?Best solution by ChaCha
- How do you open pop up blockers?Best solution by Yahoo! Answers
For every problem there is a solution! Proved by Solucija.
-
Got an issue and looking for advice?
-
Ask Solucija to search every corner of the Web for help.
-
Get workable solutions and helpful tips in a moment.
Just ask Solucija about an issue you face and immediately get a list of ready solutions, answers and tips from other Internet users. We always provide the most suitable and complete answer to your question at the top, along with a few good alternatives below.