Checklist Summary:

The purpose of this guide is to inform the reader about the available security settings for the Windows 2000 Domain Name System (DNS) Server Service, how to design a secure implementation of the Windows 2000 DNS, and how to properly implement that design. This guide provides step-by-step instructions to perform many of the tasks recommended to secure this service. This document recommends security settings for individual DNS servers and describes how to use the Microsoft Management Console to implement these settings for the DNS service. Because DNS implementations will vary, this document is designed to provide system administrators and network managers the ability to choose appropriate security settings for their environment. This guide presents detailed information on how to secure this service in a network environment by recommending security settings for individual DNS servers and describes how to use the Microsoft Management Console to implement these settings for the DNS service. In addition, this document contains a checklist and flowchart to use when configuring a Windows 2000 DNS Server Service while following the recommendations in this guide. Although this document assumes the reader will be implementing Windows 2000 DNS, the network planning sections of this guide hold true for all domain name servers that have the capability for dynamic updates and server records.

Checklist Role:

• DNS Server

Known Issues:

Do not attempt to implement any of the settings in this guide without first testing in a non-operational environment. This document is only a guide containing recommended security settings. It is not meant to replace well-structured policy or sound judgment. Furthermore, this guide does not address site-specific configuration issues. Care must be taken when implementing this guide to address local operational and policy concerns. The security changes described in this document only apply to Microsoft Windows 2000 systems and should not be applied to any other Windows versions or operating systems.

Target Audience:

This checklist has been created for IT professionals.

Target Operational Environment:

• Managed

Testing Information:

The security configuration guide has been extensively tested in a lab and operational environment.

Regulatory Compliance:

Not provided.

Comments/Warnings/Miscellaneous:

Prior to loading Windows 2000 DNS, administrators should perform a complete backup of the system before implementing any of the recommendations in this guide. Windows 2000 system administrators should ensure that the latest Windows 2000 service pack and hotfixes have been installed. Administrators should configure routers and firewalls to allow the appropriate traffic for the DNS Server. Also, administrators should install the Microsoft Windows 2000 DNS Server Service, if not already installed.

Disclaimer:

Do not attempt to implement any of the settings in this guide without first testing them in a non-operational environment. Security configuration guides are provided for the Department of Defense and other government agencies requiring security configuration guidelines. The guides contain recommended security settings. They are not intended to replace well-structured policy or sound judgment. The guides do not address site-specific configuration issues. Care must be taken when implementing the guides to address local operational and policy concerns. All security changes described in the guides are applicable only to specifically identified operating systems or architecture components and should not be applied to any other operating system or architecture components.

Product Support:

Not provided.

Point of Contact:

SNAC.Guides@nsa.gov

Sponsor:

Not provided.

Licensing:

Refer to the legal statement provided at: http://www.nsa.gov/notices/notic00004.cfm? Address=/snac/os/win2k/w2k_dns.pdf

Change History:

Updated status to Archive - 10/24/18

Dependency/Requirements:

URL	Description

References:

Reference URL	Description

NIST checklist record last modified on 10/24/2018