Updating zone files
The total of all DNS zones, which are organized in a hierarchical tree-like order of cascading lower-level domains, forms the DNS namespace.
The authority over each DNS zone is delegated to a legal entity or organization (i.e.
Instruction: If there are no written procedures for manual updates of zone files (e.g., a new host entry), then this is a finding.
If there are such procedures, then they must cover the following:
- The process for updating zone records
- Who is authorized to submit and approve update requests
- How the DNS database administrator verifies the identity of the person from whom he or she received the request
- How the DNS database administrator documents any changes made
This is a finding if any of these elements are missing from the procedures for manually updating zone records.
When the multiple lines end, they must be closed again with a bracket (")"), placed on a single line.
; designates the start of this zone file in the name space
$TTL 1h ; The default expiration time of a resource record without its own TTL value
*Note: If secure dynamic updates are being utilized without any administrator interaction, then this check can be marked Not Applicable.
The IAO should establish standard operating procedures for updating zone records.
While the directives are optional, the resource records are required in order to provide name service to a zone.
Increasing this value allows remote nameservers to cache the zone information for a longer period of time, reducing the number of queries for the zone and lengthening the amount of time required to propagate resource record changes.
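A pre-publication check for a manually edited zone file, covering the bracket rule and the $TTL directive described above. This is an added example, not code from the original page; the function names, the BIND-style unit suffixes and the sample zone are assumptions made for illustration.

```python
import re

# Unit suffixes as in the page's "1h" (BIND-style, assumed); bare digits are seconds.
_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def ttl_seconds(value):
    """Convert '1h', '1h30m' or '3600' to seconds; None if malformed."""
    v = value.lower()
    if re.fullmatch(r"[0-9]+", v):
        return int(v)
    if not re.fullmatch(r"(?:[0-9]+[smhdw])+", v):
        return None
    return sum(int(n) * _UNITS[u] for n, u in re.findall(r"([0-9]+)([smhdw])", v))

def lint_zone(text):
    """Return (default TTL in seconds or None, list of problems) for zone text."""
    problems, default_ttl, stack = [], None, []   # stack holds lines of open "("
    for lineno, line in enumerate(text.splitlines(), 1):
        in_quote, escaped, kept = False, False, []
        for ch in line:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_quote = not in_quote
            elif not in_quote and ch == ";":
                break  # the rest of the line is a comment
            elif not in_quote and ch == "(":
                stack.append(lineno)
            elif not in_quote and ch == ")":
                if not stack:
                    problems.append(f"line {lineno}: ')' without '('")
                del stack[-1:]
            kept.append(ch)
        fields = "".join(kept).split()
        if fields and fields[0].upper() == "$TTL":
            default_ttl = ttl_seconds(fields[1]) if len(fields) > 1 else None
            if default_ttl is None:
                problems.append(f"line {lineno}: missing or invalid $TTL value")
    if stack:
        problems.append(f"line {stack[0]}: '(' is never closed")
    return default_ttl, problems

# Constructed sample zone; example.com is a documentation domain.
SAMPLE = ('$TTL 1h ; default TTL\n'
          '@ IN SOA ns1.example.com. hostmaster.example.com. (\n'
          '    2024010101 1d 2h 4w 1h ; serial refresh retry expire minimum\n'
          ')\n')
```

Running lint_zone over the edited file before it is loaded gives the person approving a manual update a concrete result to record alongside the change.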