Microsoft
Software
Hardware
Network
Question : DNS Cache Probing, need edits to DNS to satisfy security requirements
My e-commerce client received a security audit from their merchant account company. The text below describes what they want me to fix, including a reference link. I have no idea what any of this means. The DNS is hosted by Network Solutions, I am using their built-in DNS manager to point MX and A records to the right IP addresses. Is this something I can fix? Thank you!
DNS Cache Probing
It was possible to receive answers from this DNS server for non-recursive queries
for third-party domains. For an attacker, if a DNS answer to the non-recursive query
is received, this indicates that a domain has recently been resolved by the DNS
server (and, theoretically, other hosts that use the server). No response indicates that
the queried domain was not recently resolved. This can allow an attacker to discover
domains a queried by other hosts using this server, which might give an indication
of web-browsing habits or domains accessed for business purposes.
CVSSv2: AV:N/AC:L/Au:N/C:P/I:N/A:N
(5)
Reference:
http://www.bind9.net/manua
l/bind/9.3
.1/
Bv9ARM.
ch04.html#
AEN767
Answer : DNS Cache Probing, need edits to DNS to satisfy security requirements
No. This is a DNS configuration file change. They need to restrict data from cache to only trusted networks.
You might open a ticket to see if this can be changed.
Random Solutions
iPhone Data Recovery After iOS4 Upgrade
Setting up of a Forest Trust
Using an additional domain controller when PDC crashes
GP error --> Key segment not found <-- within Customer Service Mgt
Push not working on iphone with Exchange 2010...
3Com Switch Troubleshooting
Batch printing word document to non-default printer
truncate vs delete
Unable to connect Entourage 2004 to SBS 2008 Exchange mailbox
Your log in to the Switchboard timed out. Please click OK to reload or Cancel to quit.