Microsoft
Software
Hardware
Network
Question : DNS Cache Probing, need edits to DNS to satisfy security requirements
My e-commerce client received a security audit from their merchant account company. The text below describes what they want me to fix, including a reference link. I have no idea what any of this means. The DNS is hosted by Network Solutions, I am using their built-in DNS manager to point MX and A records to the right IP addresses. Is this something I can fix? Thank you!
DNS Cache Probing
It was possible to receive answers from this DNS server for non-recursive queries
for third-party domains. For an attacker, if a DNS answer to the non-recursive query
is received, this indicates that a domain has recently been resolved by the DNS
server (and, theoretically, other hosts that use the server). No response indicates that
the queried domain was not recently resolved. This can allow an attacker to discover
domains a queried by other hosts using this server, which might give an indication
of web-browsing habits or domains accessed for business purposes.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
(5)
Reference:
http://www.bind9.net/manua
l/bind/9.3
.1/
Bv9ARM.
ch04.html#
AEN767
Answer : DNS Cache Probing, need edits to DNS to satisfy security requirements
No. This is a DNS configuration file change. They need to restrict data from cache to only trusted networks.
You might open a ticket to see if this can be changed.
Random Solutions
Terminal Server Printing
Dual WAN on a Fortigate 60
If folder does not exist, then create one
need to send and receive one domains email from another domains outlook?
What are the several solutions to report a record from database table
IIS Web site works in all browsers except Safari on Mac
Access the DOM of a pop up window
publishing websites in TMG 2010
Web site works using IP but not Localhost
CISCO PIX 525: understanding statistics