Part of Data Security Standard 9 - IT protection
Domain Name System (DNS) and IP Ranges (9.3.3 - 9.3.5)
Domain Name System (DNS)
Your DNS query service should use the National Cyber Security Centre’s Protective Domain Name Service (PDNS) for name-to-Internet Protocol (IP) resolution.
Where you can add a manual DNS entry or override an existing one, this action should be adequately secured. This is to ensure changes are only made by strongly authenticated and authorised administrators, so you know exactly who made the changes and that they were authorised to do so.
This safeguards your internet users from being directed to a bogus website.
IP ranges
You should manage and record all of the IP ranges used across your organisations, irrespective of the address space generation (IPv4/IPv6) or class.
Good management of your address space helps, such as using Dynamic Host Configuration Protocol (DHCP) and not using fixed IPs at client level.
It is recognised that you will probably have a mixture of address spaces. Not knowing all your address spaces means you are not managing the devices on them and they would not feature as part of your vulnerability scan.
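One way to check the point above is to compare your recorded ranges against your vulnerability scan targets and against addresses actually seen on the network. This is an added example, not part of the original guidance; the ranges, scan scope and observed addresses are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data: replace with your own IP range register,
# scanner target list, and addresses seen in DHCP leases or flow logs.
RECORDED = ["10.20.0.0/16", "192.168.50.0/24", "2001:db8:100::/48"]
SCAN_SCOPE = ["10.20.0.0/17", "192.168.50.0/24"]
OBSERVED = ["10.20.3.7", "10.99.1.15", "2001:db8:100::25", "2001:db8:200::9"]

def parse(ranges):
    """Parse CIDR strings into collapsed networks, keyed by IP version."""
    nets = [ipaddress.ip_network(r, strict=False) for r in ranges]
    return {v: list(ipaddress.collapse_addresses(n for n in nets if n.version == v))
            for v in (4, 6)}

def unscanned(recorded, scan_scope):
    """Return recorded address space that no scan target covers."""
    rec, scope = parse(recorded), parse(scan_scope)
    gaps = []
    for v in (4, 6):
        remaining = rec[v]
        for s in scope[v]:
            nxt = []
            for r in remaining:
                if r.subnet_of(s):
                    continue                          # fully covered by the scan
                if s.subnet_of(r):
                    nxt.extend(r.address_exclude(s))  # partly covered, keep the rest
                else:
                    nxt.append(r)                     # disjoint, still uncovered
            remaining = nxt
        gaps.extend(ipaddress.collapse_addresses(remaining))
    return [str(n) for n in gaps]

def unrecorded(observed, recorded):
    """Return observed addresses that fall outside every recorded range."""
    rec = parse(recorded)
    out = []
    for a in observed:
        ip = ipaddress.ip_address(a)
        if not any(ip in n for n in rec[ip.version]):
            out.append(a)
    return out

if __name__ == "__main__":
    print("Recorded but not scanned:", unscanned(RECORDED, SCAN_SCOPE))
    print("Seen but not recorded:  ", unrecorded(OBSERVED, RECORDED))
```

Any output from the first check is address space missing from your vulnerability scan; any output from the second is a device on an address space you have not recorded.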
Last edited: 27 September 2022 2:55 pm