Verifying security functionality is necessary to ensure the DNS implementation is behaving as expected and the element's defenses are enabled. To scale the deployment of the verification process, DNS systems must provide automated support for the management of distributed security testing. Without testing of the security controls across the architecture, the DNS infrastructure (e.g., the cache) could be compromised without the administrators' knowledge. Because DNS is itself a distributed system of components, security testing of the elements within the architecture is crucial to maintaining the integrity of the entire infrastructure.
Upon detection of a failure of an automated security self-test, the DNS element must respond in accordance with organization-defined responses and alternative actions. If the element neither takes self-healing action nor notifies an administrator, the system and the network are potentially left vulnerable and the risk goes unidentified.