The number of ‘things’ connected to the internet is already bypassing the number of people on the planet. This Internet of ‘things’ is changing the way we live and work: from the way food is grown and produced on farms through automated temperature and feeding controls, to the way we check prices and buy through connected terminals, to the vehicles we drive, the security cameras at work, and automated gates at the entrance. Connected ‘things’ are everywhere. All these ‘things’ are helping us to be more productive and efficient while also offering more and more convenience.
Spam is a never-ending problem for service providers. Unfortunately criminals can still make money at someone else’s expense so they persist in their mindless campaigns. The DNS is an integral part of well-established techniques for handling incoming spam, so unwanted mail doesn’t get delivered to inboxes.
There was an intriguingly named vulnerability revealed this week: Ghost Domains. A paper describing it can be found here. A team of researchers in China discovered a way to allow a domain to remain reachable in the DNS even after it has been revoked from a TLD. It looks like they expended a lot of energy testing their new idea and discovered there are several caching DNS software releases that are vulnerable.
The DNS is a critical component of ISP infrastructure. It’s usually described in two forms, Authoritative and Caching.
Authoritative DNS Servers host your domains like www.yourcompany.com, and associated resource records, as well as their location. It does this by mapping names of hosts to their IP-addresses.
The DNS has played an essential role since the earliest days of the Internet, resolving an IP address when given a domain name. Now it’s being considered for security applications. There are many fundamental reasons why it makes sense:
Today’s hackers are all about money, they constantly change the face of their exploits to maximize their returns. These agile attacks require agile defenses. Moving security protections into the network is essential to enabling more reliable updates of threat information; aggregation also provides significant scaling and manageability benefits. DNS-based security protections improve agility because DNS queries are a leading indicator of security exposure; from a strategic vantage point the DNS participates in web transactions that provide visibility into the presence of security threats.
Network operators and IT departments constantly reassess their security exposure and evaluate the best methods for protecting their networks and end users. New security solutions are always emerging to help them and one that’s starting to receive a lot of attention is the DNS. That’s raising an obvious question: “how in the world does the DNS become a security platform?”.
Just as it’s important for service providers and enterprises to maximize the performance and availability of their caching DNS servers, it’s important for brand owners and IT departments to ensure the robustness of their Authoritative DNS. Some of the issues are similar, but ensuring security of Authoritative data also has to be considered.
An earlier post talked about how important it is to maximize the responsiveness and availability of caching DNS in order to maintain a good user experience. It focused on the benefits of using Anycast. There are several other things worth considering for caching DNS as covered below: