Information Technology Reference
typically necessary only when protecting well-known trademarked terms
or a highly trafficked Web presence. However, it must be managed from an
early stage, because it is difficult to go back later and acquire names that
may already have been registered by other organizations, even when they
are copyrighted or otherwise registered and protected.
Name Service Poisoning
An organization's availability and profitability throughout the Internet
depends on successful resolution of the human-readable name
(bobspizza.com) to its registered numeric IP address, used by computers
to identify a particular destination. The Domain Name System (DNS) is a
service that provides this translation, with root domains (.com, .gov)
resolved by central servers that point to secondary servers responsible
for subsets of the overall namespace. If bobspizza.com is registered, the
.com registry includes an entry for the address of the server that
supports any names within this namespace. This server, in turn, ensures
that www.bobspizza.com can be directed to the website for Bob's Pizza,
while hiring.bobspizza.com can be directed to Bob's human resources
portal.
Compromise of the registration service entry can result in traffic
being redirected to an undesirable location or outright loss of access to
the desired Internet resource. An organization should include the regular
re-registration of any owned namespace entries as part of the yearly budget
cycle, with technical and administrative contact information updated with
the registrar upon personnel change or termination. Access to
authentication credentials to change an organization's DNS entry should
be carefully controlled, to prevent undesirable redirection of Internet traffic.
Organizations should also arrange for regular testing of name service
resolution from different regions to ensure that all attempts resolve to
the same location. DNS entries can become corrupted through accident
or attack, with such changes “poisoning” later requests for name
resolution. Following any change in service hosting, IP address space, or server/
service transfer, name resolution should be tested again to ensure that
updates to the registration are propagating to all DNS servers properly.
Due to the practice of locally caching name resolution results, a change
in IP address of an organization's servers or service hosts may take several
days to be reflected in all subordinate DNS systems. Users may also have
to flush their local name resolution caches to clear outdated service entries