SC-22 Architecture and Provisioning for Name / Address Resolution Service

Description

Information systems that provide name and address resolution services include, for example, domain name system (DNS) servers.

To eliminate single points of failure and to enhance redundancy, organizations employ at least two authoritative domain name system servers, one configured as the primary server and the other configured as the secondary server. Additionally, organizations typically deploy the servers in two geographically separated network subnetworks (i.e., not located in the same physical facility).

For role separation, DNS servers with internal roles only process name and address resolution requests from within organizations (i.e., from internal clients). DNS servers with external roles only process name and address resolution information requests from clients external to organizations (i.e., on external networks including the Internet).

Organizations specify clients that can access authoritative DNS servers in particular roles (e.g., by address ranges, explicit lists).

Applicability

The Chief Information Security and Privacy Officer (CISPO), or designee, is responsible for implementing this Control.

Implementation

The information systems that collectively provide name/address resolution service for TAMU-CC are fault tolerant and implement internal/external role separation.

Revision History

Last Updated: February 21, 2025

Previous Versions:

  • June 29, 2023
  • May 31, 2022
  • March 25, 2021
  • September 16, 2019

Chief Information Security and Privacy Officer

Submit a Ticket

News

See All News

Events

See All Events