To allow devices on one domain to talk to each other, you need to point them to an internal DNS server. The answer to this question depends on the internal setup. Should I Use an External or Internal DNS Server?
As a rule of thumb, hide the DNS servers and the data from users that do not need to have access to them. If you leave primary DNS servers visible to all internal users, that may become a significant security issue. Responding only to iterative queries for the respective zones a server is authoritative for, is a high-performance configuration.įinally, only system admins and IT personnel should have access to primary servers within your organization. There is no need for external users to query your recursive DNS servers. If a DNS server is accessible from outside your network, that server needs to be an authoritative-only DNS server. Only secondary DNS servers should address requests from end-users. Records for these servers should not be available in any publicly accessible nameserver database.
Primary servers must not be visible to external users. This is especially important if your domain names need to be visible by the public. Not every DNS server and each piece of information need to be made available to all users.įirst, make accessible only the servers and the data necessary for the individuals using these servers. You can ensure that there will never come a time when there are no services available for an end-user. Continuous replication from primary to secondary servers will keep your DNS records in sync and safe from failures. An IP of an internal DNS server can be any address within a private network IP range.īy making DNS servers redundant, you can achieve high availability of the DNS infrastructure. Admins configure machines to use secondary DNS automatically if the primary is not responsive. The devices are believed to be hard enough to hack that they’re just not viable targets for most attackers, he says.If one DNS server runs into an issue, the other one takes over immediately. Lord says since he’s only connected to the internal network using a Chromebook, in part to test how viable those computers are for DNC use. It’s also experimenting with using particularly secure devices, like Chromebooks and iPads, to replace potentially less secure equipment employees use to connect to its networks. The DNC has, like many companies, taken steps to move digital services to what Lord calls “properly curated cloud services,” where the DNC can build on the security already provided by cloud vendors. Ideally, giving campaigns a ready list of secure digital providers and basic good practices will help them avoid hack attacks without having to divert too many resources from their primary goals. “Because politicians must spin up and down campaigns very quickly, the data flows rapidly in that kind of environment, and there is insufficient planning in advance to facilitate the appropriate management of that data.” “There are many people involved out of necessity and many moving parts,” an UpGuard spokesperson writes in an email. “Technical security is important, but physical and administrative security is often overlooked and is essential to overall data security,” writes Emily Schwartz, vice president of organizing at campaign tech company NationBuilder, in an email to Fast Company. “This requires diligence from every member of the staff, not just our engineering team. For example, we do intensive all-staff security trainings that are focused on making sure that every staff member fully owns their personal responsibility in data security.” John Podesta, chairman of Clinton’s 2016 campaign, famously had his personal emails hacked and leaked as a result of a phishing attack, and party officials and tech vendors want to make sure nothing like that ever happens again. With phishing attacks a fact of life on the modern internet, the political parties have also been aggressively training their employees to keep themselves safe by using security measures like two-factor authentication and, of course, not clicking on suspicious emails. Looking ahead to the 2018 midterms and the 2020 presidential election, campaign organizations have taken big steps to improve their digital security, and those measures haven’t been limited to installing new firewalls or upgrading security software. “In a post-2016 campaign environment, all campaigns and vendors need to be reflective how they treat data security and make it a operational priority,” writes Scott Tranter, cofounder of 0ptimus, a data and tech company that’s worked with Republican candidates, in an email.