In 1992, librarian Jean Armor Polly coined the phrase “surfing the Internet,” and anyone who’s ridden the waves of data and information since then has likely come across the term DNA. Today, the Domain Name System (DNS) is one of the foundations of the Internet and works unobtrusively in the background to ensure smooth navigation of this space.
But before DNS, navigating the web was a grueling task. In the early days, messages were manually sent from network to network using a range of IP addresses. The rapid growth of the Internet caused massive problems in maintaining these addresses, and with over 360 million domain name registrations now, this method was unsustainable.
To solve this problem, DNS was developed to provide an easy way to navigate the Internet and connect users to websites – using domain names. Instead of humans acting as the hub for the internet, the DNS is now there to direct them to where they need to go.
But what does DNS mean (opens in new tab)and what role does it play in protecting organizations?
Introduction to the Domain Name System
The Domain Name System (DNS) is the hierarchical, decentralized naming system created over 35 years ago to provide a link between online systems and the protocols used to route Internet traffic. In other words, every device connected to the internet has its own unique IP address.
DNS makes it possible to type normal words into your browser without having to memorize long and often complex IP addresses. Essentially a DNS server (opens in new tab) is a database full of public IP addresses and acts like a phone book of the Internet, with entries being transparently added, deleted and modified every second in real-time.
Whenever you type a domain name into your URL bar, DNS finds the corresponding IP address and directs you to where you need to go. So why is it important? DNS can be seen as one of the cornerstones of the Internet. After all, if a DNS can’t find the right IP address, you won’t be able to access the website you’re looking for.
However, the fundamental importance of DNS makes it a prime target for criminals and there is a pervasive and growing threat to businesses of all sizes. Losing control of a critical domain name or a website that is unavailable for even a short period of time results in revenue and reputational damage for businesses.
DNS attacks increased in volume and variety
In the last two years we have seen a huge increase in demand for bandwidth as the world adapts to new ways of working; The DNS system now processes over 2 trillion queries every day. But alongside an increase in legitimate DNS queries, there has been an unwelcome increase in malicious activity, with criminals attempting to compromise DNS infrastructure for their own personal and financial gain.
DDoS attacks have increased significantly (opens in new tab). These attacks target organizations’ or DNS providers’ DNS infrastructure with massive amounts of DNS queries to prevent legitimate requests from reaching web servers and accessing websites and online services.
Although the nature of attacks has changed, the traditional threat of DNS hijacking or cache poisoning is still a real and legitimate threat. These attacks rely on criminals gaining access to DNS databases and changing the IP address so that legitimate website traffic using a specific domain name is redirected to a different website, often without the user realizing there is a problem present. Recently, cryptocurrency exchange Curve Finance fell victim to hackers who hijacked its DNS. The company lost over $570,000 to criminals who redirected its traffic to its own website.
Organizations need to ensure critical infrastructure is protected in a world of increasing digital threats. It is crucial to have robust security policies that encompass the use and protection of domain names as important digital assets.
Protect your websites from attacks
It is crucial for any business to understand how its domain names are being used. Many are used to generate revenue, improve visibility and reputation, or support critical infrastructure. But it may not always be obvious to internal stakeholders that a domain no longer resolves to the correct website, if at all.
For example, DNS traffic analysis is a great way to ensure each domain is redirecting to where it belongs and highlights anomalies that can be quickly corrected and adjusted to the domain name policy.
Analyzing the data also highlights the high-traffic domain names that may need improved functionality, prioritization, and security management. It’s worth identifying these key domains and evaluating the use of registry-level blocking, email security records, and DNSSEC.
While DNS’s priority is to ensure domain names are routed to the correct web content, enterprise providers also provide proactive threat monitoring and intelligence that ensures the most critical domain names are in place and protected. Robust security policies that encompass the use and protection of domain names as important digital assets are vital as major DNS failures or security incidents make headlines for all the wrong reasons.
These types of events not only damage the sales but also the reputation of organizations. For this reason, choosing an enterprise DNS partner that has a globally distributed network of DNS nodes is crucial. Using enterprise-class DNS ensures that critical domain names supporting websites, online applications, and email addresses continue to function even if the network is DDoS attacked.
DNS services come in all shapes and forms. At their heart, they make sure domain names go straight to where they should. The key test comes when the network is under stress, either from an increase in legitimate traffic or from nefarious sources. For many businesses, the question arises as to whether they can afford to risk having their domain names stop working due to the limitations of their DNS network.
Regular DNS auditing is now considered best practice. Working with a domain security expert provides you with forensic analysis and trusted recommendations to ensure domain names are contributing to revenue and reputation, not headaches and security concerns.