Unsecure Dynamic DNS Zone Updates Allowed

high

Description

Configuring a DNS zone to accept nonsecure dynamic updates lets any host that can reach the DNS server add, change, or delete records in that zone without authenticating. An attacker with network access can therefore register rogue records (for example, a name that clients resolve before connecting to a service) and redirect or intercept traffic that relies on that zone.

Solution

Misconfigured dynamic DNS zone updates directly weaken the security of the Active Directory environment, since domain members locate domain controllers and services through these zones. Each zone should therefore either accept only secure dynamic updates (the "Secure only" setting, which requires the updating client to authenticate with GSS-TSIG) or have dynamic updates disabled altogether. Note that secure dynamic updates are only available for Active Directory-integrated zones: a file-backed primary zone must either be converted to an AD-integrated zone or have dynamic updates turned off. Also keep in mind that "Secure only" removes unauthenticated updates but still lets any authenticated domain account create new records in an AD-integrated zone by default, which is the behaviour the tools listed below exploit; tightening those permissions is a separate hardening step.
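The following PowerShell is an added example written for this page, not code from the original indicator or from Tenable. It audits the zones hosted on a list of DNS servers for the NonsecureAndSecure setting and applies the remediation described above, defaulting to a dry run. The server names are assumptions for illustration; the cmdlets and property names are those of the Windows DnsServer module.

```powershell
# Added example (not from the original page). Requires the DnsServer RSAT
# module and DNS administrator rights on the target servers.
Import-Module DnsServer

function Get-NonsecureDynamicUpdateZone {
    # Returns every primary zone on the given servers that accepts
    # unauthenticated dynamic updates (DynamicUpdate = NonsecureAndSecure).
    param(
        [string[]]$DnsServer = @('dc01.corp.example', 'dc02.corp.example')  # assumed hostnames
    )

    foreach ($srv in $DnsServer) {
        Get-DnsServerZone -ComputerName $srv |
            Where-Object {
                $_.ZoneType -eq 'Primary' -and
                $_.DynamicUpdate -eq 'NonsecureAndSecure'
            } |
            Select-Object @{ Name = 'Server'; Expression = { $srv } },
                          ZoneName, IsDsIntegrated, ReplicationScope, DynamicUpdate
    }
}

function Set-ZoneSecureDynamicUpdate {
    # Switches one zone to "Secure only". A file-backed primary zone cannot use
    # secure updates, so it is first converted to an AD-integrated zone
    # (domain-wide replication) and then set to Secure. Without -Commit the
    # cmdlets run with -WhatIf and only report what they would change.
    param(
        [Parameter(Mandatory)] [string]$Server,
        [Parameter(Mandatory)] [string]$ZoneName,
        [switch]$Commit
    )

    $zone = Get-DnsServerZone -ComputerName $Server -Name $ZoneName

    if (-not $zone.IsDsIntegrated) {
        Set-DnsServerPrimaryZone -ComputerName $Server -Name $ZoneName `
            -ReplicationScope Domain -WhatIf:(-not $Commit)
    }

    Set-DnsServerPrimaryZone -ComputerName $Server -Name $ZoneName `
        -DynamicUpdate Secure -WhatIf:(-not $Commit)
}

# Usage: list the exposed zones, then remediate them (dry run until -Commit is added).
$exposed = Get-NonsecureDynamicUpdateZone
$exposed | Format-Table -AutoSize

foreach ($z in $exposed) {
    Set-ZoneSecureDynamicUpdate -Server $z.Server -ZoneName $z.ZoneName   # add -Commit to apply
}
```

Run the audit against every DNS server that hosts a writable copy of the zone, since a zone that is not AD-integrated is configured per server rather than replicated. After remediation, confirm the change with `Get-DnsServerZone -Name <zone> | Select-Object ZoneName, DynamicUpdate`, and review the zone's ACL separately if you also want to restrict which authenticated accounts may create records.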

See Also

Active Directory Security Assessment Checklist - Misconfigured DNS zones

[MS-DNSP]: Domain Name Service (DNS) Server Management Protocol

Active Directory-Integrated DNS Zones

Dynamic update

Understanding Dynamic Update

Dynamic Update and Secure Dynamic Update

Beyond LLMNR/NBNS Spoofing - Exploiting Active Directory-Integrated DNS

ADIDNS Revisited - WPAD, GQBL, and More

Indicator Details

Name: Unsecure Dynamic DNS Zone Updates Allowed

Codename: C-DYNAMIC-UPDATES

Severity: High

MITRE ATT&CK Information:

Attacker Known Tools

Kevin Robertson: Powermad