DNS (Domain Name System) can be thought of as the GPS of the computer network universe. Basically, it translates a domain name into an IP address that identifies the entity involved in the exchange of data. It is a safe bet that every one of us has come across DNS while surfing the web, even if we failed to realize it at the time. DNS is quite useful for managing the mapping of a network, and it acts as an address book for the countless IPs out there.
But these days, DNS servers are quite prone to attack. Anyone who thinks using proxy DNS servers or third-party DNS can help avert the attacks knows only half the truth. After all, it is now increasingly common for attackers to alter the DNS records used by a website or network and divert all its traffic to the attacker's computer. The recent attacks by the Syrian Electronic Army, a pro-Assad hacking entity, on the New York Times and Twitter are striking proof of this phenomenon. Here, data is introduced into the DNS resolver's cache, causing lookups to return a faulty IP, rerouting traffic and granting access to the hacker.
Normally, the DNS you use is provided by your ISP or organization. An attack on one node in the DNS server can poison the entire network, directly and indirectly compromising every downstream data flow. Flaws or shortcomings in the DNS software can be fatal to the data integrity of your system. Similarly, if the same spoofing flaws are used to replace the IP of the target website on a given DNS server with the attacker's server IP, the attacker can create files with names matching those on the target server. From there, these can be used to trick users of the poisoned DNS into accepting malicious content from a non-authentic server, which can result in a computer worm or virus gaining access.
It is true that the DNS system is quite robust, but let's grow up and face reality: it was built for extensive usability rather than reinforced security. Moreover, the classes of DNS attacks are extensive and evolving day by day. There is only so much that one can do. It is advisable to use the latest version of a DNS firewall to lessen the chances of being preyed on. Configuring servers so that the inter-connectivity of DNS functions does not become a liability can also help you protect yourself better. In addition to all this, constantly monitoring server traffic will definitely help to spot any unusual activity or spoofing.
In addition to DNS poisoning, also known as cache poisoning, there are several other types of attacks. There is the zero-day attack, where a previously unknown vulnerability is exploited. There is Denial of Service, where so much traffic is directed at the target IP that its data buffers cannot keep up and legitimate requests go unresolved. DNS amplification is particularly harmful as it uses recursive lookups to spread the attack to DNS servers.
Still, it is possible to deflect a large number of such attacks. A few tools and tricks can help mitigate these attacks and secure your DNS. The strongest DNS protection is provided by a DNS firewall, which works through the use of digital signatures, but it cannot protect against DoS attacks. Here, configuration functionality can be separated and used to isolate the caching service from the authoritative response. DNS traffic monitoring is the final frontier, as it can help to detect illicit tunneling behavior. Frequent DNS TCP traffic can be an indication of tunneling and must be investigated and resolved at the earliest.
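One way to act on the TCP monitoring point above, as an added example that is not from the original article: a sliding-window count of DNS-over-TCP queries per client. The log format, the sample lines, the 60-second window and the threshold of 10 are assumptions made for illustration; zone transfers (AXFR/IXFR) are skipped because they legitimately use TCP.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

ZONE_TRANSFER = {"AXFR", "IXFR"}  # legitimate TCP use, not counted

def constructed_sample():
    """Constructed log lines: 'ISO-timestamp client transport qname qtype'."""
    base = datetime(2024, 1, 1, 10, 0, 0)
    at = lambda s: (base + timedelta(seconds=s)).isoformat()
    lines = [f"{at(3 * i)} 10.0.0.9 tcp c{i}.t.example.net TXT" for i in range(12)]
    lines += [f"{at(20 * i)} 10.0.0.5 udp www.example.com A" for i in range(6)]
    lines += [f"{at(5)} 10.0.0.5 tcp big.example.com TXT",   # one TCP retry
              f"{at(1)} 10.0.0.7 tcp example.com AXFR",      # zone transfer
              "truncated or malformed line"]
    return lines

def parse(line):
    """Return (when, client, transport, qname, qtype) or None if malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, client, proto, qname, qtype = parts
    try:
        when = datetime.fromisoformat(ts)
    except ValueError:
        return None
    return when, client, proto.lower(), qname, qtype.upper()

def tcp_heavy_clients(lines, window=timedelta(seconds=60), threshold=10):
    """Map client -> peak TCP query count inside any window, if >= threshold."""
    recent = defaultdict(deque)   # client -> timestamps still inside the window
    flagged = {}
    for when, client, proto, _qname, qtype in sorted(r for r in map(parse, lines) if r):
        if proto != "tcp" or qtype in ZONE_TRANSFER:
            continue
        q = recent[client]
        q.append(when)
        while when - q[0] > window:   # drop timestamps that aged out
            q.popleft()
        if len(q) >= threshold:
            flagged[client] = max(flagged.get(client, 0), len(q))
    return flagged

if __name__ == "__main__":
    for client, peak in tcp_heavy_clients(constructed_sample()).items():
        print(f"review {client}: {peak} DNS/TCP queries within 60s")
```

A flagged client is a lead for investigation rather than proof of tunneling, since large responses also fall back to TCP.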
Therefore, it is best to adopt the philosophy that prevention is better than cure. DNS is an attractive attack target, but with proper vigilance it can be protected and attacks mitigated.