Domain Name System (DNS), Denial of Service (DoS), and Distributed Denial of Service (DDoS) attacks are becoming commonplace. International Business Times reports that the frequency of attacks has gone down, but their severity has gone up. For example, we all remember the DoS and DNS attack in October that affected many sites on the East Coast, bringing down Spotify, Reddit, the New York Times, and WIRED.com. The denial of service attack took down much of the Internet for the US Eastern Seaboard. There are many types of DNS attacks that can significantly harm your business:
- DoS attacks: DoS attacks happen when DNS servers become saturated with recursive queries that prevent the DNS servers from answering legitimate client requests for name resolution.
- DDoS attacks: Similar to a DoS attack, but instead of the attack coming from one computer, the attack comes from thousands of computers located around the world.
- Redirecting: Redirecting (also called DNS poisoning) happens when a hacker makes the DNS servers redirect or forward name resolution requests to the hacker's own servers. Redirecting can give the hacker access to sensitive data and puts your customers' security at risk.
- Footprinting: A hacker steals the DNS zone information in order to footprint your network. Using the DNS zone information, the hacker learns details about your network, such as IP addresses and computer names. Mapping your network allows the hacker to spot weaknesses that they eventually use to get into your network.
- IP Spoofing: The hacker can use trusted IP addresses to mask their own IP address and send harmful malware or viruses to the network. When conducting a DoS attack, a hacker uses IP spoofing to simulate thousands of different users with real or generated IP addresses.
What can you do in the case of a DNS, DDoS, or DoS attack?
With the resources many hackers have today, it is difficult to stop DNS attacks, but the sooner you know about a DNS attack, the better your chance of protecting your site. For that reason, you might want to consider monitoring your DNS and SSL Certificates from an external viewpoint. Find a service that can monitor your DNS and check your servers from the A record to the root server. Monitoring gives you visibility into your DNS status, any unwarranted changes made to your records, and any unexpected behavior. The faster you can see and act on malicious activity, the less likely hackers are to successfully compromise your system. Here are a few DNS record types that you might want to monitor to help secure your DNS:
- A record (Address record): Maps a domain name to an IPv4 address.
- AAAA (IPv6 address record): Like an A record, this maps a domain name to an IPv6 address.
- CNAME (Canonical Name record): Alias of one domain name to another. The DNS lookup will continue by retrying the lookup with the new name.
- MX (Mail Exchange record): Maps a domain name to a list of message transfer agents.
- NS (Name Server record): Delegates a DNS zone to use the given authoritative name servers.
- TXT (Text record): Used for human-readable text in a DNS record. The record often carries machine-readable data.
- SOA (Start of Authority): Provides the core information about your zone including the primary name server, contact (e-mail), how the secondary name servers get updated, and the time-to-live values for your records.
- Root name server: A root name server, as explained on Wikipedia, is a name server for the root zone of the Domain Name System of the Internet. The root server directly answers requests for records in the root zone, and it answers other requests by returning a list of the authoritative name servers for the appropriate top-level domain (TLD). The root name servers provide a critical service to the Internet infrastructure by translating (resolving) human-readable host names into the IP addresses that Internet hosts use for communication.
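To make the idea of watching these record types for unwarranted changes concrete, here is an added Python example (not Uptrends code and not part of the original article) that compares an approved baseline of records with what a monitor currently observes. The function names, the severity labels, the example.com zone, and the addresses are all constructed for illustration, and treating a serial-only SOA change as routine is an assumption of this example.

```python
from collections import defaultdict

# Record types where an unexpected change can redirect traffic or mail.
CRITICAL = {"A", "AAAA", "CNAME", "MX", "NS", "SOA"}

def parse_records(lines):
    """Parse 'name type rdata' lines into {(name, type): {rdata, ...}}."""
    records = defaultdict(set)
    for line in lines:
        name, rtype, rdata = line.split(None, 2)
        rtype = rtype.upper()
        if rtype == "TXT":
            rdata = rdata.strip()                    # TXT text is case-sensitive
        else:
            rdata = " ".join(rdata.lower().split()).rstrip(".")
        records[(name.lower().rstrip("."), rtype)].add(rdata)
    return records

def diff_records(baseline, observed):
    """Return (severity, name, type, detail) tuples for every changed record set."""
    findings = []
    for name, rtype in sorted(set(baseline) | set(observed)):
        old = baseline.get((name, rtype), set())
        new = observed.get((name, rtype), set())
        if old == new:
            continue                                 # order and case do not matter
        if rtype == "SOA" and len(old) == 1 and len(new) == 1:
            o, n = min(old).split(), min(new).split()
            # SOA fields: mname rname serial refresh retry expire minimum
            if o[:2] + o[3:] == n[:2] + n[3:]:
                findings.append(("info", name, rtype, f"serial {o[2]} -> {n[2]}"))
                continue                             # assumed routine zone update
        severity = "critical" if rtype in CRITICAL else "warning"
        findings += [(severity, name, rtype, f"added {r}") for r in sorted(new - old)]
        findings += [(severity, name, rtype, f"removed {r}") for r in sorted(old - new)]
    return findings

# Constructed sample data (documentation zone and address ranges, not real records).
SOA = "example.com. SOA ns1.example.com. hostmaster.example.com. %d 7200 3600 1209600 3600"
BASELINE = parse_records([
    "example.com. A 192.0.2.10", "example.com. NS ns1.example.com.",
    "example.com. NS ns2.example.com.", 'example.com. TXT "v=spf1 mx -all"', SOA % 2024010101])
OBSERVED = parse_records([  # A changed, NS reordered with different case, serial bumped
    "EXAMPLE.com A 203.0.113.66", "example.com NS NS2.example.com",
    "example.com NS ns1.example.com.", 'example.com TXT "v=spf1 mx -all"', SOA % 2024010102])

if __name__ == "__main__":
    for finding in diff_records(BASELINE, OBSERVED):
        print(*finding)
```

In practice the observed lines would come from lookups made outside your own network, so the comparison reflects what your customers' resolvers actually receive.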
Take the next step in making sure your DNS is secure by monitoring your servers from an external viewpoint. You’ll know immediately if your DNS is receiving any malicious or unexpected activity.
Uptrends can help you protect your DNS
Uptrends offers the most advanced DNS and SSL Certificate monitoring to help you secure your DNS. Uptrends can monitor your DNS from 158 external checkpoints across the globe. Monitor your DNS server from the A record to the root server with Uptrends. Learn more about DNS monitoring.
DNSimple: SOA record
Uptrends: Setting up a DNS monitor
Wikipedia: List of DNS record types
Wikipedia: Root Name Server
Image credit: “Santiago” by Katy Levinson used under the Creative Commons License