Domain Name System (DNS) and how attacks on it affect the Internet

The accessibility and ease of use of the Internet are the results of deliberate efforts to make what is otherwise complex easy for everybody.  That is what drives the democratization of the Internet. The Domain Name System or DNS is one such technique for making the Web easy to use. Most human beings are better at remembering letters than a bunch of numbers. The DNS allows people to enter a user-friendly name such as abcd.com instead of 64.213.156.89. Unlike people, computers are good at working with numbers. Specifically, every instruction given to a computer is reduced to discrete numbers that represent the flow of current. The DNS system translates domain names (e.g. abcd.com) to IP numbers that can be used for identifying computers on the Internet.

In an article entitled DNS resource record integrity is still a big, big problem by Olzak (2008), the DNS is described as “a critical component of not only the Internet, but also internal network operation.” To buttress the importance of the DNS in internetwork, Olzak (2008) states that translating domain names to IP addresses is needed for routers to select the paths to deliver packets to the right network segments. If a network does not have an internal DNS server, an external DNS server is queried iteratively to resolve a domain name or fail to do so if the domain name does not exist (Olzak, 2008).

Given the importance of the DNS to the functioning the Internet and the World Wide Web, it is not surprising that it is a frequent target of attacks. One of such attacks is cache poisoning. According to Olzak (2008), DNS poisoning is executed by an attacker who replaces valid addresses on the caching server or a resolver’s cache with his own. Another form of attack entails taking over an authoritative DNS server for a domain (Ragan, 2013). An attacker can also attack a DNS by compromising the registration of a domain name itself, and using the access to alter the DNS servers assigned to it (Ragan, 2013). A successful attack against a DNS server has some dire consequences and security implications. According to Ragan (2013), “The first thing an attacker can do is redirect all incoming traffic to a server of their choosing.” This type of attack will allow attackers to monitor traffic, inspect packets and collect sensitive personally identifiable information of their victims. This will also allow an attacker to capture all in-bound emails of their victims and send email on their behalf (Ragan, 2013).

According to Ragan (2013), mitigating or preventing the DNS attacks mentioned above involves restricting recursion on the name servers, using IP-based access control lists (ACLs) and the old-fashioned and often recommended use of strong passwords. Ragan (2013) also states that employees of organizations should be trained on social engineering.

Conclusion

Whilst I agree with the technical solutions above for preventing DNS attacks, I think that untrained and or naïve persons are the weakest link in the security measures. If an employee is tricked into revealing login details of a domain name registration, all the aforementioned measures are useless.

References

Olzak, T. (2008). DNS resource record integrity is still a big, big problem. Retrieved from https://www.techrepublic.com/blog/it-security/dns-resource-record-integrity-is-still-a-big-big-problem/

Ragan, S. (2013). Three types of DNS attacks and how to deal with them. Retrieved from https://www.csoonline.com/article/2133916/malware-cybercrime/three-types-of-dns-attacks-and-how-to-deal-with-them.html

Leave a Reply

Close Menu