Is Your DNS Secured? I Doubt It and Here Is Why


In the modern age, almost all of our data is stored digitally, or even on shared or secure networks. Whether it is databases, home automation interfaces or simply digital document lockers, we now have almost our entire lives, and everything on which they depend, stored online. It is almost like conjuring data out of thin air. But, to quote the superhero from popular culture, such great power always comes with great responsibility. After all, putting all your eggs in one basket is never a good idea, even if the basket is a supposedly digital one.

Students at the Israel Institute of Technology recently discovered a flaw in the guidance system of the internet, also called the DNS. DNS, short for the Domain Name System, is one of the most elementary of all Internet protocols. It gives Internet users access to a distributed database that lets computers translate the names of specific websites into the actual IP addresses, which is the groundwork for browsing the web. While resolving a name to an IP address, a DNS server looks for the server that stores the corresponding IP address. The weakness that the students found allows hackers to compel a DNS server to connect to a specific server chosen out of a set of potential servers.

If that server is controlled by the attacker, the DNS server will receive a false IP address. This type of cyber-attack gives hackers an advantage: it causes computers to "talk" with network stations that the hackers alone control, without the victims being able to detect the fraud. In this way, a seemingly innocuous network call can easily lead to a fraudulent transactional website, and you might lose quite a lot of precious data or online money if you do not pay attention.

In order to thwart such attacks, one needs to pay close heed to the basics of DNS security and also make an effort to understand the nitty-gritty of internet connectivity, for it is the lifeline of the modern tech-savvy world, to say the least. Normally, the DNS you use is provided by your ISP or organization. Attacks on one node in the DNS server can poison the entire network, directly and indirectly compromising every downstream data flow. Flaws or shortcomings in the DNS software can be fatal to the data integrity of your system. Similarly, if the same spoofing flaws are used to replace the IP of the target website on a given DNS server with the IP of the attacker's server, the attacker can create files with names matching those on the target server. From there, these can be used to trick the poisoned DNS into accepting malicious content from a non-authentic server, which can result in granting access to a computer worm or virus.

There is only a certain set of things that you can do, and those too have a limit. The most basic item on that list is to run the latest DNS server software in order to protect your own interests and bolster your DNS security. Configuring servers to reduce the interconnection between DNS functions, so that it does not become a liability, can also help you protect yourself better. In addition to all this, constantly monitoring server traffic will definitely help to spot any unusual activity or spoofing. Your firewalls should only permit DNS query traffic on UDP/TCP port 53. In addition, they should only permit zone transfer requests from known DNS servers. The Domain Name System wasn't designed to work in tandem with Internet firewalls. It's a testament to the flexibility of DNS and of its BIND and DHCP implementations that you can configure DNS to work with, or even through, an Internet firewall.
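The two firewall rules above (DNS only on port 53, zone transfers only from known servers) can be modelled as a small decision function. This is an added example, not code from the original article: it parses the DNS question in wire format to recognise transfer requests. The allowlisted address `192.0.2.53`, the sample queries and all function names are assumptions made for illustration.

```python
import ipaddress
import struct

# Assumed policy values, constructed for this example.
KNOWN_SECONDARIES = {ipaddress.ip_address("192.0.2.53")}
TRANSFER_QTYPES = {252: "AXFR", 251: "IXFR"}  # zone transfer query types

def build_query(name, qtype, txid=0x1234):
    """Build a minimal DNS query in wire format (constructed sample input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_question(msg):
    """Return (name, qtype) of the single question, or raise ValueError."""
    if len(msg) < 12:
        raise ValueError("short header")
    qdcount = struct.unpack("!H", msg[4:6])[0]
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(msg):  # >63: pointer or reserved
            raise ValueError("bad label")
        labels.append(msg[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype = struct.unpack("!H", msg[pos:pos + 2])[0]
    return ".".join(labels), qtype

def decide(src_ip, dst_port, msg):
    """Apply the two rules: port 53 only, transfers only from known servers."""
    if dst_port != 53:
        return "drop: not port 53"
    try:
        name, qtype = parse_question(msg)
    except ValueError as exc:
        return f"drop: malformed ({exc})"
    if qtype in TRANSFER_QTYPES:
        if ipaddress.ip_address(src_ip) not in KNOWN_SECONDARIES:
            return f"drop: {TRANSFER_QTYPES[qtype]} for {name} from unknown host"
        return f"allow: {TRANSFER_QTYPES[qtype]} for {name}"
    return f"allow: query for {name}"
```

Malformed messages are dropped rather than passed on, so a truncated or oddly encoded question cannot slip past the transfer check.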

In this way, following simple vigilance protocols can help save you from hacker attacks and safeguard your data and system setup for a while. So go ahead and delve a little deeper into the DNS!