950 KB | 3 files | DOC, PDF
The task of mapping friendly URL names to underlying IP addresses falls to the DNS, a collaboration of many entities across the Net. This guide will give you pointers on implementing DNS safely in your organization.
The Internet is the world’s largest computing network, with hundreds of million of users. From the perspective of a user, each node or resource on this network is identified by a unique name — the domain name — such as www.nist.gov. However, from the perspective of network equipment that routes communications across the Internet, the unique identifier for a resource is an Internet Protocol (IP) address, such as 172.30.128.27. To access Internet resources by user-friendly domain names rather than IP addresses, users need a system that translates domain names to IP addresses and back. This translation is the primary task of an engine called the Domain Name System (DNS).
The DNS infrastructure is made up of computing and communication entities that are geographically distributed throughout the world. There are more than 250 top-level domains, such as .gov and .com, and several million second-level domains, such as nist.gov and ietf.org. Accordingly, there are many name servers in the DNS infrastructure, which each contain information about a small portion of the domain name space. The DNS infrastructure functions through collaboration among the various entities involved. The domain name data provided by DNS is intended to be available to any computer located anywhere in the Internet.
This document provides deployment guidelines for securing DNS within an enterprise. Because DNS data is meant to be public, preserving the confidentiality of DNS data pertaining to publicly accessible IT resources is not a concern. The primary security goals for DNS are data integrity and source authentication, which are needed to ensure the authenticity of domain name information and maintain the integrity of domain name information in transit.
The attached zip file includes:
Chapter 1.2 focuses on the fundamentals of complex networks and complex network taxonomy and examples. ... More >>
This 10-page excerpt provides an overview and history of IEEE 802.11 technology. ... More >>
In this publication, you will find non-vendor-specific provisioning of IPv6-based network traffic filtering via basic types of traffic blocking suggestions, identification of deprecated addresses, a brief discussion on ICMPv6, tunneling, and additional topics to consider when developing an IPv6 implementation strategy. ... More >>