[BBLISA] maximizing DNS security

[Tom Metro]

Plain DNS has plenty of security problems, but what are the best 
practices for maximizing your DNS security. Specifically I'm wondering 
about how outsourced DNS, which leaves you open to social engineering 
attacks, compares to in-house management.

Even with the latter, it is common for small organizations to run a 
private authoritative server and have the public servers outsourced. 
Though I'm betting in that scenario an attacker would have a harder time 
merely making a modification to a zone. Rather than simply modifying 
records from a web UI, he'd have to set up a server to do the zone 
transfer and convince the provider to pull from his server.

Thoughts?

  -Tom

-- 
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/