Domain Name System Protection
When the internet was introduced, there were very few systems and services connected to the network. It was easier for these resources to talk to each other. As more people and resources started joining the network, the need for a mechanism to let them contact each other was felt, which led to the birth of the Domain Name System.
DNS: An introduction
Every day, millions of people and networks from around the world access the internet. Systems and people connected to the network need to contact each other. DNS helps achieve this objective. DNS is a naming system for all the resources connected to the internet and private networks. DNS works by translating domain names to IP addresses, ensuring that users don’t have to memorise addresses.
You can call DNS the phonebook of the internet. DNS works by matching information with domain names assigned to different resources. DNS converts domain names into IP addresses that are used to locate services and devices. The DNS directory is stored on domain name servers distributed around the world. Thanks to the distributed nature of the directory, queries by IT support teams and individuals are resolved much faster.
Every time a web browser wants to load a page, it has to communicate with the DNS server, which though takes a few hundred milliseconds, can add up over time resulting in delays. To help save time, information is cached (or stored) locally. Data is stored closer to the client, which helps resolve queries swiftly and reduce bandwidth consumption.
DNS security: The need
DNS has its flaws. There are various DNS vulnerabilities that hackers exploit to tweak the way DNS maps domain names and IP addresses. Hackers, for instance, are known to orchestrate attacks that involve redirecting users to a phishing or corrupted site rather than the website they want to load. By the time the user finds out that they have been tricked, the scamster disappears in one of the several dark alleys of the internet with their victim’s personal information such as contact and credit card details.
Three popular types of DNS attacks are:
- DNS cache poisoning
DNS cache poisoning involves inserting fake address records into the DNS. When a user inserts the domain name of a poisoned website, the DNS responds with the IP address of a site controlled by the hacker. The user is then redirected to the fake website. Once they are there, the scamster tricks them into sharing their personal details.
Many hackers use the method to infect their victim’s system with different types of malware such as spyware and ransomware. Once the hacker successfully installs the malware on their victim’s system, they, and not the owner, is in the driver’s seat.
- DNS reflection attacks
Hackers executing DNS reflection attacks use their victim’s IP address to request large DNS files. All the responses are redirected to the victim’s system, often overwhelming it.
- Denial of service
Denial of service involves overwhelming a system with fake requests to make resources available to the intended users.
Tips to avoid DNS attacks
As threats keep evolving, the need to protect your DNS is more than ever before. A study revealed that around 75% of companies are highly vulnerable to DNS attacks. Here are some tips to lower your risk:
- Audit your DNS zones regularly.
- Use DNS Security Extensions protocol that digitally signs data.
- Use the latest version of BIND, the most popular Domain Name System software that resolves queries.
- Update your patches and fix bugs at regular intervals.
- Ensure your IT support team in London has a system in place to keep a tab on the number of queries. Ensure redundant queries are blocked in a timely fashion.