What is DNS?
Simply put, DNS (the Domain Name System) is the part of networking that translates human-friendly names such as www.example.com into the numeric IP addresses computers use to reach each other. It also acts as a distributed, constantly updated "phonebook" for networks, letting computers within a network and across the Internet find each other by name.
Have you ever wondered how, simply by typing a website name into your browser, your computer finds it among the billions of sites out there? Or how your email software delivers a message to a recipient from nothing more than their email address, even if you have never written to them before? More remarkable still, websites are frequently moved from one server to another, and high-traffic sites are often hosted on many (sometimes hundreds of) servers at once. This is DNS at work: providing consistent, simple access to network resources, between humans and computers and between computers themselves.
Who provides the DNS service?
DNS is provided by specialized servers called nameservers. Two kinds work together: authoritative nameservers, which hold the official records for a domain, and recursive resolvers, which take your computer's question, chase the answer through the authoritative servers and cache the result for a while. On the Internet, resolvers are typically (but not always) operated by ISPs (Internet Service Providers), universities, public DNS providers and the like; in corporate networks, nameservers are maintained internally by your IT staff. These servers all use the DNS protocol to share information, pass on requests and return answers to your computer or other computers within your network. As you can see, DNS is a critical component of computer networks, and this is where its vulnerabilities begin to manifest.
Why do I need to make sure my organization’s DNS service is protected?
By its very nature, DNS is designed to work behind the scenes, directing computers as they communicate within and across networks. Because it works nearly invisibly, we place a great deal of trust in its ability to return accurate results. We trust that when we browse to a website, DNS will give us the genuine address; but what happens if the DNS service is compromised and our attempt to visit a harmless website is redirected to one serving malware? Unfortunately, DNS servers are not immune to cybersecurity issues.
DNS is critical not only for web browsing; it is also the underpinning of email transport. Email servers are advertised in DNS by a special record type, the MX (mail exchanger) record, which names the server that accepts mail for a domain. Its presence in DNS is critical for email delivery to your organization, and if it is tampered with, mail can be stopped outright or quietly routed to a server the attacker controls.
A common example – DNS Poisoning
If an attacker compromises a DNS server, they can modify those critical records so that requests for a harmless website are answered with the address of a harmful one. A user's attempt to visit the genuine site is then silently redirected, and the resulting malware infection can spread rapidly, and often invisibly, to that user's computer and other computers on the network. A related attack, properly called DNS cache poisoning, needs no break-in at all: the attacker races forged replies to a recursive resolver, and if one is accepted the resolver caches the bogus record and hands it to every client that asks until the record's TTL (time to live) expires. Either way the result is a significant risk to IT security, and if the modified or forged record is your organization's MX record, as noted above, email delivery will be affected.
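To make the mechanics concrete, here is an added example (not code from the original article) that builds the DNS messages described above at the wire level, decodes A and MX records, and applies the checks a recursive resolver performs on a reply before caching it: the reply must arrive on the randomized source port the query left from, carry the same random 16-bit transaction ID, echo the question, and only answer for the name that was asked. An off-path forger who cannot observe the query has to guess both the port and the ID, which is what makes cache poisoning a race rather than a certainty. The packets, IP addresses (from the reserved documentation ranges), ports and IDs are all constructed for the example; nothing touches the network, and the bailiwick rule is simplified to "answer name equals question name".

```python
"""Added example (not from the original article): minimal DNS wire-format
helpers (RFC 1035) and the checks a recursive resolver applies to a reply
before caching it (RFC 5452). All packets are constructed in memory."""
import secrets
import struct


def encode_name(name):
    """'mail.example.com' -> length-prefixed labels ending in a zero byte."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return out + b"\x00"


def decode_name(msg, off):
    """Read a name at msg[off], following compression pointers (top bits 11)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # pointer into the message
            if end is None:
                end = off + 2                          # resume after the pointer
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (off if end is None else end)


def build_query(name, qtype, txid=None):
    """Standard query with RD set; the random ID is one of the two values
    (with the UDP source port) an off-path forger must guess."""
    txid = secrets.randbelow(1 << 16) if txid is None else txid
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", qtype, 1)


def build_response(query, records):
    """Answer `query` with (rtype, ttl, rdata) records. Used here only to
    construct test packets; the owner name is a pointer (0xC00C) to the question."""
    txid = struct.unpack("!H", query[:2])[0]
    msg = struct.pack("!HHHHHH", txid, 0x8180, 1, len(records), 0, 0) + query[12:]
    for rtype, ttl, rdata in records:
        msg += b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata
    return msg


def parse_message(msg):
    """Header, question and answer sections; A (1) and MX (15) rdata decoded."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        qname, off = decode_name(msg, off)
        questions.append((qname,) + struct.unpack("!HH", msg[off:off + 4]))
        off += 4
    for _ in range(an):
        rname, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == 1:                                  # A: four octets
            value = ".".join(str(b) for b in rdata)
        elif rtype == 15:                               # MX: preference + exchange name
            value = (struct.unpack("!H", rdata[:2])[0], decode_name(msg, off + 2)[0])
        else:
            value = rdata
        answers.append((rname, rtype, ttl, value))
        off += rdlen
    return {"txid": txid, "flags": flags, "questions": questions, "answers": answers}


def accept_reply(query, reply, query_src_port, reply_dst_port):
    """Return (accepted, reason). A reply is cached only if it matches the
    randomized port and ID, echoes the question, and answers only for that
    name (simplified bailiwick rule; real resolvers check the server's zone)."""
    if reply_dst_port != query_src_port:
        return False, "port mismatch"
    try:
        q, r = parse_message(query), parse_message(reply)
    except (struct.error, IndexError, UnicodeDecodeError):
        return False, "malformed reply"
    if r["txid"] != q["txid"]:
        return False, "transaction id mismatch"
    if not r["flags"] & 0x8000:
        return False, "not a response"
    if r["questions"] != q["questions"]:
        return False, "question section mismatch"
    qname = q["questions"][0][0]
    for rname, _, _, _ in r["answers"]:
        if rname != qname:
            return False, "out-of-bailiwick answer for " + rname
    return True, "ok"


if __name__ == "__main__":
    query = build_query("example.com", 1, txid=0x1234)          # constructed packets
    legit = build_response(query, [(1, 300, bytes([192, 0, 2, 10]))])
    forged = build_response(build_query("example.com", 1, txid=0x9999),
                            [(1, 86400, bytes([198, 51, 100, 7]))])
    print(parse_message(legit)["answers"])
    print(accept_reply(query, legit, 51234, 51234))
    print(accept_reply(query, forged, 51234, 51234))
```

The forged reply in the demo carries a long TTL, which is typical of a poisoning attempt: a bogus record that survives for a day does far more damage than one that expires in minutes. Note that these checks are the resolver's; the clients behind it have no way to tell a poisoned answer from a genuine one, which is why a poisoned public resolver affects everyone who uses it.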
According to a survey from the Neustar International Security Council conducted in September 2021, 72% of study participants reported experiencing a DNS attack within the last 12 months. Worst of all, public resolvers are not typically under your IT staff's purview, so your organization cannot control resolution: unless you can point your devices at a different resolver, you are effectively out of luck until the provider repairs the poisoned records or they expire from its cache.
How to protect your organization’s reliance on the DNS service
Fortunately, DNS is a robust service, and its distributed, highly communicative design provides a measure of fault tolerance. Public DNS providers take great pains to keep their networks free of security vulnerabilities, and TLS certificates (still commonly called SSL certificates) give a separate check on a website's identity: a browser sent to an impostor by a bad DNS answer will not be shown a valid certificate for the expected name and will warn the user. At the protocol level, DNSSEC lets a resolver cryptographically verify that a record really came from the domain's owner, which defeats forged answers for the domains that deploy it. Additional DNS protection is becoming common as remote work and reliance on cloud platforms have grown, namely in the form of secure DNS provision by Cisco's Umbrella platform, UltraDNS and the Zscaler platform, to name a few.
How does secure DNS protect my organization?
When you employ a secure DNS platform, your corporate network is reconfigured to send lookups only to specific, hardened resolvers, with additional safeguards that further reduce the risk of receiving a compromised DNS record. These typically include blocking of known-malicious domains at the resolver, protection for DNS caches (the sets of recently resolved records a computer or resolver keeps so that commonly accessed sites and services resolve quickly) and finer administrative control for your IT staff over how corporate devices use DNS. The services also extend to your remote staff: a small agent on each device forces its lookups through the platform's resolvers, so whether a worker is in the office or in a hotel room across the world, the local network's resolver never gets to answer, and the platform manages every lookup to provide maximum protection against compromise.
We’ve answered the question "What is DNS?", reviewed how important the DNS service is to the modern computer network and explored a few of the ways it can be compromised. A secure DNS solution can provide value to your organization by decreasing the risk of network downtime and returning control to your IT security team. If you would like some help or have any questions, please feel free to reach out to our Managed Services experts.