DNS System Audit

DNS is a very complex, interacting, interconnecting system with many, many parts. Our DNS server audit service is a thorough 97-point checklist review of your DNS ecosystem, resulting in a detailed report with consultation time to explain the results. This includes checks such as the following plus many more:

  • standard Unix operating system audit for the OS setup
  • local DNS resolver and client testing
  • local DNS server configuration review
  • local DNS protocol testing
  • remote DNS protocol testing (from 3 networks)
  • local zone review and testing
  • remote zone testing (from 3 networks)
  • transfer configurations review and testing
  • DNSSEC keys and signatures check
  • remote DNSSEC validation testing
  • hardware, network interfaces, network, and firewall setup (as can be seen via normal local research). This service does not audit those things in detail, but provides a localized and external review.
  • review configurations and security setup for control channel and control tools
  • root hint zone check including DNSSEC key(s)
  • testing outbound queries
  • secure behavior testing
  • security vulnerability testing
  • configuration suggestions
  • monitoring snapshots
  • performance snapshots
  • heavy users report
  • most popular lookups report
  • review and test (if applicable) ACLs
  • various best operating practices checks
  • packet sizing and extended DNS checks
  • random ID checks for the system stub resolver and for the server itself
  • DNS server crash tests and penetration testing
  • and a lot more ...

The report will explain the problems it finds, with references, as applicable, to the standards that define best practices for that behavior.

The DNS System Audit service may be done for anything from a single server to many servers. The standard service, for a single server, is a four-business-day delivery. This will also include monitoring and performance snapshots over a two-day period.

The standard service includes login work, and the auditor will need login access and browse and read permissions as applicable to research the system environment. If this login service is not desired, please contact us to discuss providing files and details as an alternative audit service.

Note: At this time, the operating system review and login-based audit are for standard Unix-like systems, including *BSD and Linux. For other systems, please contact us for alternate testing.