# DNS Security Operations (Logging/RPZ/DNSSEC)

One-sentence definition: Operate DNS with visibility and controls to block threats and ensure integrity.

## Key Facts

- Centralize resolver logs; enable query logging and privacy controls.
- Response Policy Zones (RPZ) to block malicious domains; egress filtering.
- DNSSEC for authenticity of authoritative zones; key rollover plans.
- Redundant resolvers/providers; anycast; cache tuning.
- **Verify:** check official (ISC)² CBK and current exam outline.

## Exam Relevance

- Use DNS telemetry and RPZ to detect/expose exfil command-and-control.

**Mnemonic:** “**See** queries, **steer** answers.”

## Mini Scenario

Q: Beaconing to new domain—what detects?

A: DNS logs + analytics; block via RPZ.

## Revision Checklist

- Two DNS defenses.
- Integrity feature.
- Redundancy tactic.

## Related

[[DDoS Mitigation and Resilience]] · [[Network Monitoring, NetFlow IPFIX]] · [[Breach and Attack Simulation (BAS) Use Cases]] · [[Security Operations Center (SOC) Fundamentals]] · [[Domain 7 - Index]]