DNS security

If using DNS, how concerned should I be about DNS security issues such as cache poisoning and cache snooping?

According to Linode, "Our DNS platform is secure, especially when communicating over the private network."

I'm not sure how to assess how secure is "secure". The "especially" part of that sentence makes me wonder what aspect of it is less secure than optimally secure.

Using IP addresses is not a good alternative because the nature of the application would make it hard to migrate to new IP addresses at another hosting company if circumstances dictated a need to migrate.

1 Reply

If absolute assurance is required, deploying DNSSEC may be appropriate for your zones. That, along with DNSSEC-aware recursive nameservers, is the "best" way to ensure that recursive nameservers provide the correct answer.

For a more realistic answer :-), the first part of your question makes it sound like you're concerned about Linode's recursive nameservers (the ones in your resolv.conf), but the second part makes it sound like you're concerned about Linode's authoritative nameservers (the ones you point your domain at). The latter are, strictly speaking, not susceptible to cache attacks as they aren't recursive nameservers. The former, as with all other recursive nameservers, are at least a little bit susceptible. The situation used to be worse, but there have been improvements in recent years with how recursive nameserver software operates.

There is nothing you can do about your end users' recursive nameservers other than transitioning to DNSSEC and hoping they've got secure connections to nameservers that support and validate DNSSEC. This is not common.
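An added example, not part of the original reply: a Python sketch that tells the two server roles discussed above apart by reading DNS header flags, and reports whether a recursive nameserver validated the answer (AD bit) when asked with the DNSSEC OK bit set. The function names and the sample reply headers are constructed for illustration.

```python
import secrets
import socket
import struct

QR, AA, RD, RA, AD = 0x8000, 0x0400, 0x0100, 0x0080, 0x0020  # DNS header flag bits

def build_query(name, txid, qtype=1):
    """A query with RD set plus an EDNS0 OPT record carrying the DO (DNSSEC OK) bit."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 1)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    # OPT pseudo-RR: root name, type 41, UDP size 1232, ext-rcode 0, version 0, DO flag, no rdata
    opt = b"\x00" + struct.pack("!HHBBHH", 41, 1232, 0, 0, 0x8000, 0)
    return header + qname + struct.pack("!HH", qtype, 1) + opt

def classify_response(msg, expected_txid):
    """Read the header flags of a reply and say what kind of server produced it."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    txid, flags = struct.unpack("!HH", msg[:4])
    if not flags & QR or txid != expected_txid:
        raise ValueError("not a reply to our query")
    if flags & RA:
        # AD is set only when the resolver validated the answer; unsigned zones never get it.
        role = "validating recursive" if flags & AD else "recursive, answer not validated"
    elif flags & AA:
        role = "authoritative only"
    else:
        role = "unknown"
    return {"role": role, "rcode": flags & 0x000F}

def ask(server, name, timeout=3.0):
    """Live check (needs network): query `server` over UDP with a random transaction ID."""
    txid = secrets.randbelow(1 << 16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (server, 53))
        return classify_response(s.recv(4096), txid)

# Constructed 12-byte reply headers (flags only, no records), not captured traffic.
SAMPLES = {
    "validating": struct.pack("!HHHHHH", 0x4D2, QR | RD | RA | AD, 0, 0, 0, 0),
    "plain": struct.pack("!HHHHHH", 0x4D2, QR | RD | RA, 0, 0, 0, 0),
    "auth": struct.pack("!HHHHHH", 0x4D2, QR | AA, 0, 0, 0, 0),
}

if __name__ == "__main__":
    for label, reply in SAMPLES.items():
        print(label, classify_response(reply, 0x4D2))
```

To test a real resolver, call `ask()` with an address from your resolv.conf and a name in a zone you know is DNSSEC-signed; a missing AD bit on an unsigned zone says nothing about the resolver.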
