DNS and DHCP usage policy
The Domain Name System (DNS) and the Dynamic Host Configuration Protocol (DHCP) are the foundation of essential network configuration and communication, DNS especially. Internal and external network access could not work as we know it without DNS, and DHCP is invaluable for provisioning temporary IP addresses so that workstations and devices can use facility connectivity.
The purpose of this policy is to provide guidelines for the appropriate implementation and administration of DNS and DHCP.
From the policy:
- Only authorized individuals should be appointed to administer DNS services.
- All servers responsible for hosting DNS services must be physically secured if on-premises, with access permitted only to authorized personnel.
- If possible, use Active Directory Integrated Zones.
- Ensure DNS servers can access root hint servers through the firewall for external host lookups.
- DNS zones must consist of forward and reverse entries. Each system must have one of each.
- DNS servers must be redundant, with at least two systems available for DNS operations.
- If the organization has multiple sites, each site must have its own dedicated set of DNS servers with clients in that site pointed to these hosts.