DNS is a foundational technology for any company and is therefore one of the most important services to keep running well. For many organizations, DNS is continuously updated to reflect changes to internet-facing assets. A change in a service provider or registrar, a new or updated marketing campaign, and sometimes even proof-of-concept sites may all require updates to your DNS. Given the sheer scale of a DNS implementation for any organization, particularly one with global assets, keeping everything up and running may consume more resources and require greater expertise than your company has at its disposal. As a result, suboptimal configurations or unused assets end up remaining in place long after they are intended.
In some cases, your DNS will continue to function. In other cases, issues could rear their ugly head leaving your company open to operational problems, performance issues or marketing/branding embarrassments. Most importantly, poorly configured or orphaned DNS entries can open your company up to a host of security vulnerabilities.
The UltraDNS Health Check tool makes it easy to ensure that your domains are RFC-compliant, checks for adherence to best practices, and identifies possible configuration and security issues.
Neustar UltraDNS Health Check Key Benefits
DNS has been around for over 30 years and is a foundational component of the internet. Hundreds of standards have been written to guide its proper implementation and operations. Unfortunately, not everyone has the opportunity nor time to read all of these standards. This has resulted in varied implementations of DNS that may appear to work, but actually contain misconfigurations which expose security risks, impact performance, or result in downtime.
The UltraDNS Health Check tool was designed to help you navigate the hundreds of standards you haven’t gotten around to reading to get your DNS in shape. Our on-demand checks include:
|CHECK||WHAT IS IT||WHY IT IS IMPORTANT|
|Domain||A set of checks that verify basic hygiene, sanity, and security for a specified domain||Validates the core configurations for a domain essential for appropriate routing and security|
|Name Server||A series of checks that test the reliability, hygiene, sanity, and security of name server configurations for the selected domain||Identifies misconfigurations that could result in security vulnerabilities, performance problems or even query resolution failure|
|Mail Exchange (MX)||A set of checks on mail exchanger records validating that they are configured in accordance with best practices and industry standards||Protects from many of the issues that could affect appropriate email transmission|
|Start of Authority (SOA)||A set of checks that verify the existence of SOA records and that their configuration conforms to industry standards for the selected domain||Misconfigurations in SOA records could result in issues affecting zone transfers|
|DNS Security (DNSSEC)||A set of checks that evaluate the configuration of DNSSEC records for both DNSSEC-enabled domains and domains that are not DNSSEC-enabled||Unsigned zones are vulnerable to security attacks (e.g. man-in-the-middle), and DNSSEC misconfigurations could result in failed responses to valid DNS queries|