Locking DNS records from deletion

New Member
Posts: 1

We have a CNAME that many other CNAMEs are pointing to that was deleted recently. Is there a way to lock specific records from deletion, even by admins/superusers, or at least have a prompt to unlock before deletion? Looking to prevent this from happening in the future for a select few records.

 

Thanks

Re: Locking DNS records from deletion

New Member
Posts: 6

You can't stop a superuser from deleting that record. You could put a warning text in the comment field, but that is about it, I believe.

You can stop any other admin from deleting that record though. I just created a user in my lab with the default role 'DNS Admin'. In the permission profile I added an object permission on a specific CNAME with permission read-only. This administrator was able to make any change to the zone, except for editing / deleting this CNAME record.

In your case, a solution would be to create a role with every permission on read-write, except for this one specific object permission. Then change your superusers from superuser to this role.

I would advise keeping one superuser account with a long and secure password and putting it in a vault.
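
A pre-deletion dependency check for the situation in this thread, as an added example that is not part of the original posts and not Infoblox tooling: it lists every CNAME that resolves through a given record, following chains, and ranks the records that most deserve a read-only object permission. The record names and the plain owner-to-target dictionary are constructed; exporting the zone's CNAMEs into that shape is an assumption.

```python
from collections import defaultdict

# Constructed sample data (CNAME owner -> target); not taken from the thread.
SAMPLE_CNAMES = {
    "app.example.com": "lb.example.com",
    "api.example.com": "lb.example.com",
    "www.example.com": "app.example.com",
    "lb.example.com": "edge.example.net",
    "docs.example.com": "static.example.com",
}


def _norm(name):
    """DNS names are case-insensitive and may carry a trailing dot."""
    return name.rstrip(".").lower()


def dependants(cnames, record):
    """Return every CNAME owner that resolves through `record`, directly or via a chain."""
    pointing_at = defaultdict(set)  # target -> owners aliasing it
    for owner, target in cnames.items():
        pointing_at[_norm(target)].add(_norm(owner))
    found, stack = set(), [_norm(record)]
    while stack:
        for owner in pointing_at[stack.pop()]:
            if owner not in found:  # also stops on CNAME loops
                found.add(owner)
                stack.append(owner)
    found.discard(_norm(record))
    return sorted(found)


def records_to_protect(cnames, min_dependants=2):
    """Rank names by how many aliases would break if the name were deleted."""
    names = {_norm(n) for n in cnames} | {_norm(t) for t in cnames.values()}
    ranked = {n: dependants(cnames, n) for n in names}
    return sorted(
        ((n, d) for n, d in ranked.items() if len(d) >= min_dependants),
        key=lambda item: (-len(item[1]), item[0]),
    )


if __name__ == "__main__":
    for name, deps in records_to_protect(SAMPLE_CNAMES):
        print(f"{name}: {len(deps)} dependant(s): {', '.join(deps)}")
```

Names in the output that live outside your zones (here the constructed `edge.example.net`) cannot be locked locally, but they still show where a third-party change would break your aliases.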
