Benchmark: Name Server (NS) Records
Overview
Name servers (NS) are the repositories of information that make up the domain database. The database is divided into sections called zones, which are distributed among the name servers. The most important function of DNS servers is the translation (resolution) of human-memorable domain names (example.com) and hostnames into the corresponding numeric Internet Protocol (IP) addresses (93.184.216.34). These addresses form the second principal name space of the Internet and are used to identify and locate computer systems and resources on it.
When a browser looks up a domain name, the query reaches the name server, which translates the domain name into the IP address so that the browser can locate the site. Once the name server has returned the address, the web browser uses it to connect to the server and load the requested site.
This benchmark contains best practices for NS records.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-net-insights
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select Name Server (NS) Records.
Run this benchmark in your terminal:
powerpipe benchmark run net_insights.benchmark.dns_ns_best_practices
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run net_insights.benchmark.dns_ns_best_practices --share
Controls
- Name servers should have valid name
- DNS should have at least 2 name servers
- Name servers should answer authoritatively
- All name servers listed at the parent server should respond
- Local DNS name server list should match parent name server list
- DNS should not contain CNAME records if an NS (or any other) record is present
- Name servers should not contain CNAME records if an NS (or any other) record is present
- Name servers should be on different subnets
- Name server records should use public IPs
- Name servers should be in different locations
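To make four of these controls concrete (valid name, at least 2 name servers, public IPs, different subnets), the following added example evaluates them over an already-resolved NS set. It is not the mod's own code or queries: the function names, the result keys, the constructed sample data, and the choice of a shared IPv4 /24 as the meaning of "same subnet" are all assumptions of this sketch.

```python
import ipaddress
import re

# RFC 1123 hostname label: letters, digits, hyphen; no leading/trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

# Constructed sample (not real lookup output): NS hostname -> resolved addresses.
SAMPLE_NS = {
    "ns1.example.com.": ["93.184.216.10"],
    "ns2.example.com.": ["93.184.216.77"],   # same /24 as ns1
    "ns_3.example.com.": ["10.0.0.53"],      # underscore in name, RFC 1918 address
}

def valid_hostname(name):
    """True if every label of the (optionally dot-terminated) name is RFC 1123 valid."""
    name = name.rstrip(".")
    return 0 < len(name) <= 253 and all(LABEL.fullmatch(p) for p in name.split("."))

def check_ns(records, v4_prefix=24):
    """Return {control: [findings]}; an empty list means the control passed.

    v4_prefix is an assumption of this example: two servers whose IPv4
    addresses share that prefix are treated as being on the same subnet.
    """
    findings = {"valid_name": [], "min_two": [], "public_ip": [], "distinct_subnets": []}
    findings["valid_name"] = sorted(n for n in records if not valid_hostname(n))
    if len(records) < 2:
        findings["min_two"].append(f"only {len(records)} name server(s) listed")
    subnets = {}
    for name, ips in records.items():
        for ip in ips:
            addr = ipaddress.ip_address(ip)
            if not addr.is_global:  # private, loopback, link-local, reserved ...
                findings["public_ip"].append(f"{name} {ip}")
            if addr.version == 4:
                net = ipaddress.ip_network(f"{ip}/{v4_prefix}", strict=False)
                subnets.setdefault(str(net), set()).add(name)
    findings["distinct_subnets"] = sorted(
        f"{net}: {', '.join(sorted(names))}"
        for net, names in subnets.items() if len(names) > 1
    )
    return findings

if __name__ == "__main__":
    for control, items in check_ns(SAMPLE_NS).items():
        print(f"{control}: {'ok' if not items else 'alarm ' + str(items)}")
```
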