Hostname DNS Verification
To prevent potential abuse, PAM records can now perform hostname verification prior to executing tasks.
This can reduce the ability of someone who alters DNS to gain access to a managed Windows endpoint.
To implement hostname verification:
- Log in to PAM with a System Administrator account.
- Navigate to Administration > Record Types.
- Locate the Record Type that you wish to enforce this verification on and click its Edit button.
- On the Record Type’s page, scroll down and click the Add Field button. Configure the following values:
  - Field Type: Checkbox
  - Name: HostNameDNS
  - Display Name: Disable Hostname Verification (or another value of your choosing)
  - The remaining values can be configured to your requirements
- Click the Save button on this Add Record Type Field page.
- PAM will return you to the Record Type page; click the Save button on this page to complete the configuration.
We recommend, but do not require, creating a custom record type and inheriting from the Windows Host (or another) parent type rather than modifying any default types. For more information about Custom Record Types, please read this article.
To test hostname verification, please perform the following steps:
- Create a new record or reuse an existing record that utilizes the Record Type that was updated in the previous section.
- Leave the new Disable Hostname Verification checkbox unchecked. Unchecked/disabled means the hostname will be verified, while Checked/enabled means that verification will be skipped.
- Execute a task against this record. Before doing so, ensure that the hostname in the record will fail verification.
When the task is executed, it first verifies the hostname defined in the record; in this scenario, that verification fails. This prevents the task from executing, so the task reports a Status of Error with the following error details:
Failure to verify host name hostname from the record, detected hostname detected on the endpoint.
Of course, if the verification is successful, then the task will be executed as expected.