DNS security
definition first
DNS - domain name system
The DNS specification, RFC 1035 (https://www.ietf.org/rfc/rfc1035.txt), is what the various DNS software implementations, and the procedures and policies built around them, are based on.
RFC 1035 obsoletes RFCs 882, 883, 973
DNS is a fundamental part of the internet. DNS exploits are numerous: most are due to misconfigurations at the software level, some exist because implementations don't follow the RFCs, and some are logic errors.
This is where having a proper, monitored DNS solution can significantly improve the overall health of the system. DNS monitoring enables this, if you have the resources and the desire to get visibility. DNS can be integrated into various threat detection and anomaly detection solutions, and it can be used in creative ways to keep your enterprise and users safe by restricting and blocking things you know are a bad idea from a cybersecurity standpoint.
This blog post is a high-level overview of DNS. Sophisticated malware contains logic that attempts to identify whether it is running in a sandbox or some type of hardened environment; good DNS security can save your business or system a ton of headaches and reduce your overall risk. DNS can be used strategically as well as tactically. A good place to start is to begin gathering metrics on your DNS queries on a 30-day reporting cycle. If you can't, that means your system needs to mature.
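As a starting point for the 30-day query metrics recommended above, here is an added example (my code, not the author's) that parses a query-log export and computes baseline counts plus two simple anomaly checks: long high-entropy names, which are typical of DGA or tunnelling traffic, and a per-client NXDOMAIN ratio well above baseline. The log format, the sample lines and the thresholds are all constructed assumptions for the example; adapt parse_log() to whatever your resolver actually writes.

```python
"""Added example: first-pass metrics over DNS query logs.

The log format is constructed for this example (real resolvers such as
BIND, Unbound or Windows DNS each log differently); parse_log() is the
one function to adapt. Each line: <timestamp> <client-ip> <qname> <qtype> <rcode>
"""
import math
from collections import Counter, defaultdict

# Constructed sample: three ordinary clients plus one (192.0.2.12) that
# bursts random-looking names which all fail to resolve.
SAMPLE_LOG = """\
2024-05-01T08:00:01Z 192.0.2.10 www.example.com A NOERROR
2024-05-01T08:00:02Z 192.0.2.10 mail.example.com MX NOERROR
2024-05-01T08:00:05Z 192.0.2.11 www.example.net A NOERROR
2024-05-01T08:01:10Z 192.0.2.10 cdn.example.org A NOERROR
2024-05-01T08:02:00Z 192.0.2.12 xk3q9z7bw2lp5mvt8r.example.test A NXDOMAIN
2024-05-01T08:02:01Z 192.0.2.12 qp7zt4nvx2lc9wkb6y.example.test A NXDOMAIN
2024-05-01T08:02:02Z 192.0.2.12 mz8wlt3xq6vkp2nrb5.example.test A NXDOMAIN
2024-05-01T08:02:03Z 192.0.2.12 www.example.com A NOERROR
2024-05-01T08:03:00Z 192.0.2.11 _dmarc.example.net TXT NOERROR
"""


def parse_log(text):
    """Parse the constructed log format into a list of dict records."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, client, qname, qtype, rcode = line.split()
        records.append({"ts": ts, "client": client,
                        "qname": qname.lower().rstrip("."),
                        "qtype": qtype.upper(), "rcode": rcode.upper()})
    return records


def shannon_entropy(label):
    """Bits of entropy per character; random-looking labels score high."""
    if not label:
        return 0.0
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())


def registered_domain(qname):
    """Approximate the registrable domain as the last two labels.
    A production version should use the Public Suffix List (co.uk etc.)."""
    labels = qname.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else qname


def summarize(records):
    """Baseline metrics worth tracking across a reporting cycle."""
    total = len(records)
    per_client = defaultdict(lambda: {"queries": 0, "nxdomain": 0})
    for r in records:
        per_client[r["client"]]["queries"] += 1
        if r["rcode"] == "NXDOMAIN":
            per_client[r["client"]]["nxdomain"] += 1
    nxdomain = sum(s["nxdomain"] for s in per_client.values())
    return {
        "total_queries": total,
        "unique_qnames": len({r["qname"] for r in records}),
        "nxdomain_ratio": nxdomain / total if total else 0.0,
        "top_domains": Counter(registered_domain(r["qname"])
                               for r in records).most_common(5),
        "qtype_counts": dict(Counter(r["qtype"] for r in records)),
        "per_client": dict(per_client),
    }


def flag_anomalies(records, min_label_len=16, entropy_threshold=3.5,
                   nx_ratio_threshold=0.5, min_queries=3):
    """Findings that deserve a human look. Thresholds are assumed starting
    points; tune them against your own 30-day numbers."""
    findings = []
    for r in records:
        first_label = r["qname"].split(".")[0]
        if (len(first_label) >= min_label_len
                and shannon_entropy(first_label) >= entropy_threshold):
            findings.append(("high_entropy_label", r["client"], r["qname"]))
    for client, s in summarize(records)["per_client"].items():
        if (s["queries"] >= min_queries
                and s["nxdomain"] / s["queries"] >= nx_ratio_threshold):
            findings.append(("high_nxdomain_ratio", client,
                             f"{s['nxdomain']}/{s['queries']}"))
    return findings


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for key, value in summarize(recs).items():
        print(f"{key}: {value}")
    for finding in flag_anomalies(recs):
        print("FLAG", *finding)
```

Run it as-is to see the summary and the four findings for the sample; in practice, feed it a day's export, keep the summary dict per day, and the 30-day trend of nxdomain_ratio and qtype_counts is the baseline the post asks you to build before any alerting thresholds mean anything.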
DNS is global, but also DNS is recursive, and DNS can be local and isolated.
Global DNS is an inverted tree structure, with the root maintained by ICANN.
Your ISP also has DNS, which is recursive to global DNS, with some filtering.
Your cloud vendor's DNS is recursive to global DNS, with no filtering.
Your system might run dedicated DNS server software.
Your home router also runs DNS software that is recursive to your ISP's DNS.
Your mobile devices on the mobile carrier network use recursive DNS maintained by the mobile provider, aka the ISP.
Your VPN provider (if you use one) also runs recursive DNS, typically with managed DNS filtering rules.
—
For systems with Internet access, start here and run a DNS analysis of your current DNS vendor - https://www.grc.com/dns/dns.htm
Check for DNS leaks with the extended test - https://www.dnsleaktest.com/
Reach out for a consult; let me improve your DNS visibility and DNS security.
An interesting fact is that ISPs, Cloudflare DNS and Google DNS are not in the business of protecting customers from malware using DNS filtering. DNS providers all benefit from the sheer volume of DNS lookups and are able to identify and isolate malicious domains and command and control servers because of their position in the DNS hierarchy. DNS providers do get involved and do block (aka blackhole, aka sinkhole) malicious DNS lookups and destinations when it is in response to a cybersecurity incident or a law enforcement order.
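You do not have to wait for an upstream provider to sinkhole something: the same blocking can be done on your own recursive resolver. As an added example (not from this post, and not a vendor's recommended configuration), here is an Unbound server block that refuses one placeholder zone and redirects another to a sinkhole address you control, so that connection attempts to it become visible in your own logs. The zone names and the 192.0.2.1 address are placeholders; a real deployment would load a vetted blocklist.

```conf
# Added example: local DNS sinkhole in unbound.conf (placeholder names)
server:
    # Answer NXDOMAIN for the blocked name and everything beneath it
    local-zone: "malicious.example." always_nxdomain

    # Or redirect the whole zone to an address you control, so clients
    # that try to reach it show up in your own connection logs
    local-zone: "c2.example." redirect
    local-data: "c2.example. A 192.0.2.1"

    # Log every query; this is the raw material for the 30-day metrics
    log-queries: yes
```

The always_nxdomain form is the quieter choice; the redirect form trades a little complexity for a detection signal, since any host that still tries to talk to the sinkhole address has already resolved a name you decided was a bad idea.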
Some other interesting links related to DNS: