The DNS has played an essential role since the earliest days of the Internet, resolving a domain name to an IP address. Now it is being considered for security applications, and there are many fundamental reasons why this makes sense:
The DNS is proven and well understood; it has been an integral part of IP networks for more than 25 years. It is also stable: there have been very few changes to the protocol, so there is little inherent risk in leveraging it for new applications such as security.
The DNS is universally deployed; every IP network in the world uses it. Every client device that accesses the Internet also uses it, because it is essential for navigation. DNS ubiquity is a Good Thing: leveraging the DNS removes the need for new equipment and for changes to network architectures. Since every device already has a DNS client, there is no need for client software either.
The DNS is a superb vantage point in the network. Virtually every Internet application relies on the DNS, as do social engineering exploits, malware, fake antivirus and so on. If something bad is happening on a network, the DNS is the place to see it.
DNS deployments are virtually always designed with redundancy. DNS clients are already set up to talk to multiple DNS servers, so a DNS-based security system will be inherently redundant.
Better still, most Internet transactions start with a DNS query: navigating to a web site, sending an email, making a phone call, etc. This means security exposure can be detected as early as possible, and early detection means many exploits never even get off the ground. No other security system is as proactive.
The DNS scales beautifully; it is the largest distributed database in the world, hosting hundreds of millions of domain names. There is no question it can scale to meet security challenges.
The DNS is pervasive; it is distributed across literally every corner of the Internet, and hundreds of millions of Internet resources rely on it to advertise their presence. Today millions of exploits use the DNS to advertise malicious resources; it just makes sense to use the DNS against them to prevent them from succeeding.
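A small resolver-side detection routine, added here as an example and not part of the original article: it scans constructed query-log lines (loosely modelled on a BIND query log; the client addresses, domain names and blocklist entries are all invented) and flags queries for blocklisted domains and any of their subdomains, the way a response policy zone rule would, then ranks clients by how many flagged queries they made.

```python
import re
from collections import Counter

# Constructed sample lines in the style of a BIND query log; the client IPs
# and domain names below are invented for this example.
SAMPLE_LOG = """\
12-Mar-2024 09:14:02.113 queries: info: client 10.1.2.17#53411: query: www.example.com IN A + (10.1.0.5)
12-Mar-2024 09:14:03.220 queries: info: client 10.1.2.17#53412: query: cdn.bad-dropper.example IN A + (10.1.0.5)
12-Mar-2024 09:14:03.305 queries: info: client 10.1.2.44#40021: query: mail.example.org IN MX + (10.1.0.5)
12-Mar-2024 09:14:05.901 queries: info: client 10.1.2.44#40022: query: update.fakeav-scan.example IN A + (10.1.0.5)
12-Mar-2024 09:14:06.002 queries: info: client 10.1.2.17#53413: query: a.b.bad-dropper.example IN TXT + (10.1.0.5)
"""

# Constructed blocklist: an entry matches the name itself and every subdomain,
# which is how a response policy zone (RPZ) wildcard rule behaves.
BLOCKLIST = {"bad-dropper.example", "fakeav-scan.example"}

LINE_RE = re.compile(r"client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)")

def normalize(name):
    # Strip a trailing root dot and fold case so lookups are canonical.
    return name.rstrip(".").lower()

def is_blocked(qname, blocklist=BLOCKLIST):
    """Return the blocklist entry matching qname or one of its parent domains, else None."""
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None

def scan_log(text, blocklist=BLOCKLIST):
    """Return (client, qname, qtype, matched_entry) for each blocked query, in log order."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a query line; skip it
        entry = is_blocked(m["qname"], blocklist)
        if entry:
            hits.append((m["client"], normalize(m["qname"]), m["qtype"], entry))
    return hits

def clients_to_investigate(hits):
    """Count blocked queries per client so the noisiest endpoints surface first."""
    return Counter(client for client, _, _, _ in hits)

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print("BLOCKED", *hit)
    print(clients_to_investigate(scan_log(SAMPLE_LOG)))
```

Because the match happens at the resolver, the flagged query is visible before any connection to the malicious host is attempted, which is the early-detection point made above.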