Locking DNS records from deletion

We have a CNAME that many other CNAMEs are pointing to that was deleted recently. Is there a way to lock specific records from deletion, even by admins/superusers, or at least have a prompt to unlock before deletion? Looking to prevent this from happening in the future for a select few records.

Thanks

Re: Locking DNS records from deletion

You can't stop a superuser from deleting that record. You could put a warning text in the comment field, but that is about it I believe.

You can stop any other admin from deleting that record though. I just created a user in my lab with the default role 'DNS Admin'. In the permission profile I added an object permission on a specific CNAME with permission read-only. This administrator was able to make any change to the zone, except for editing / deleting this CNAME record.

In your case, a solution would be to create a role with every permission on read-write, except for this one specific object permission. Then change your superusers from superuser to this role.

I would advise keeping one superuser account with a long and secure password and putting it in a vault.
