Tag Archives: Domain Name System

Popular DNS attacks that you need to know

DNS attacks: Explanation

DNS attacks are a type of cybercrime that exploits flaws in the Domain Name System. Because DNS is an essential element of the internet infrastructure and still has several security weaknesses, these attacks are a severe cybersecurity risk.

There are many types of DNS attacks, but this post focuses on a few of the most common ones. Cybercriminals can, for instance, abuse core features of DNS to amplify DDoS attacks, or use DNS spoofing to tamper with DNS entries and reroute internet users to websites of their choosing. Let’s explore them in more detail.

DNS Poisoning attacks

DNS cache poisoning (DNS spoofing) is a type of DNS attack that targets DNS resolver servers. Resolvers keep a copy of the DNS records they have looked up in their cache for a limited time, namely the time specified in each record’s time-to-live (TTL).

Criminals who manage to alter (poison) those cached records can divert your legitimate traffic to a harmful location. For example, they could set up a fake version of your website to defraud your customers and steal their personal information.

As a defense, DNSSEC (Domain Name System Security Extensions) is highly recommended. It adds cryptographic authentication to DNS lookups by digitally signing records, so a validating resolver can reject forged answers.

Amplification DNS attacks

DNS can also be abused in DDoS attacks. In this scenario, the attacker generates enormous numbers of DNS queries whose source address is forged to be the victim’s, so the much larger responses are all delivered to the victim’s IP address. The victim cannot cope, the traffic eventually overwhelms it, and the result can be a lengthy outage.

The amplification comes from the queries asking for large sets of DNS records, so each small query produces a response several times larger, which is then sent to the victim’s device.

To defend yourself, you can use a DDoS protection service that analyzes your traffic and filters out the malicious data heading your way. Alternatively, you can spread your name servers across a large, load-balanced network that can absorb heavy traffic.

DNS tunneling

The last DNS attack on our list is DNS tunneling. It encodes (tunnels) malware commands and other data inside DNS queries and responses, using DNS as a client-server channel.

Here’s how it works in a nutshell. A criminal begins by registering a domain and pointing it at a name server under their control. A tunneling trojan is then implanted on a target machine. Once infected, the machine sends DNS requests for that domain. Because DNS is trusted, these requests are usually allowed through firewalls, and this is where the danger begins. The resolver forwards the request to the criminal’s name server, so the DNS infrastructure itself becomes the link between the criminal and the target. The criminal’s computer stays hidden and hard to detect because there is never a direct connection between the target and the perpetrator.

To prevent data exfiltration, a dedicated tool needs to be set up. A DNS firewall is the most effective option: it must be configured so that any such intrusion is detected quickly, and it blocks the channel used to exfiltrate data.
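As an added example (not code from the original post), here is a Python heuristic a defender could run over resolver query logs to spot the long, high-entropy names that tunneling produces and the unusually large number of distinct subdomains a tunnel generates under one zone. The "client qtype qname" log format and the sample lines are constructed for this illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample of resolver query-log lines in a hypothetical "client qtype qname" format.
SAMPLE_LOG = """\
10.0.0.5 A www.example.com.
10.0.0.5 A cdn.example.net.
10.0.0.7 TXT 3d2f9a8b1c4e5f6a7b8c9d0e1f2a3b4c.5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a.tunnel.example.org.
10.0.0.7 TXT 9f8e7d6c5b4a39281706f5e4d3c2b1a0.a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6.tunnel.example.org.
10.0.0.9 A mail.example.com.
"""

def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def split_name(qname: str, zone_labels: int = 2):
    """Return (subdomain part, zone), assuming the registrable zone is the last two labels."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[:-zone_labels]), ".".join(labels[-zone_labels:])

def is_suspicious(qname: str, max_len: int = 52, min_entropy: float = 3.5) -> bool:
    """A long, high-entropy subdomain portion is typical of data encoded into query names."""
    sub, _ = split_name(qname)
    return len(sub) > max_len and shannon_entropy(sub) > min_entropy

def flag_queries(log_text: str):
    """Return (client, qname) pairs whose name looks like an encoded payload, plus the
    number of distinct subdomains seen per zone (tunnels produce many never-repeated names)."""
    flagged, distinct = [], defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip lines that do not match the assumed format
        client, _qtype, qname = parts
        sub, zone = split_name(qname)
        distinct[zone].add(sub)
        if is_suspicious(qname):
            flagged.append((client, qname))
    return flagged, {zone: len(subs) for zone, subs in distinct.items()}

if __name__ == "__main__":
    hits, per_zone = flag_queries(SAMPLE_LOG)
    for client, name in hits:
        print(f"possible tunnel: {client} -> {name}")
    print("distinct subdomains per zone:", per_zone)
```

The thresholds are starting points; tune them against your own baseline traffic, since CDNs and some anti-spam services also use long machine-generated labels.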

Conclusion

To sum up, DNS attacks are really perilous, but it is possible to protect yourself or your organization from them, for example by implementing a DDoS protection service, DNSSEC, a load-balancing solution, a DNS firewall, etc. Good luck!

How to choose DNS TTL values?

The Domain Name System (DNS) involves several vital processes for your domain. DNS TTL (time-to-live) values are your chance to make time work in your favor: they give you the power to make those processes more agile!

What is TTL?

Time-to-live (TTL) is a value that establishes how long, as a time period or a number of hops, a piece of data is allowed to stay alive, either on a network or in cache memory. When that time expires or the packet reaches its hop limit, it is discarded. Data packets differ from one another, but they all carry a TTL. That value should be chosen based on how long the data needs to live on a device to fully accomplish its mission.

Do we really need TTL?

Absolutely yes! TTL is needed to control the traffic and the number of data packets traveling around networks, applications, and machines. Imagine a scenario without TTL or any other mechanism to control data packets: traffic on the Internet would by now be in total chaos, with millions of pointless packets that accomplished their mission decades ago still traveling around without purpose or end.

Through the TTL, routers can manage traffic simply by reading the value every data packet carries. Packets continue their journey only if their TTL has not expired. When a router drops a data packet, it reports this to the IP address of the source through an ICMP message. ICMP (Internet Control Message Protocol) is a tool for diagnosing and reporting network issues.

And there’s more: TTL is also useful for knowing how long a packet has been on a network and for tracing its whole route!

How to choose DNS TTL values?

There we go! You can slow down or speed up essential DNS processes on your domain by choosing DNS TTL values smartly.

  • DNS records differ from one another, just like their purposes. When you add or edit a DNS record, consider how often it will need to change in the future. Records that constantly require changes should have a lower TTL value, and those that almost never change should have a higher one.
  • DNS resolution is an essential process for every domain. If you want to speed it up, define higher TTL values on your DNS records. That way they are kept longer in the caches of recursive DNS servers.
  • Caching the static resources of your domain is a highly recommended practice. Use high TTL values and you will greatly speed up loading time.
  • DNS propagation is another vital process. If your domain frequently requires modifications to its DNS records, choose lower TTL values to speed up propagation. High values have the opposite effect.
  • Choosing DNS TTL values must be taken seriously, especially when a lot is at stake, as with the domains of mission-critical services. The control systems of an electric power grid, an aircraft or a railway demand constant updates and DNS load-balancing configuration changes. Not being able to execute such tasks quickly could put many people at risk. Those kinds of services mostly use low TTL values.
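As an added example (not from the original post), the Python below turns the guidance above into two checks: an audit that compares each record's TTL with how often it is expected to change, and a planning helper that shows why a record change must be preceded by a TTL reduction one old TTL in advance, plus how long a resolver would keep serving stale data otherwise. The records, change rates and timestamps are constructed; the TTL thresholds are assumptions, not values from the post.

```python
from datetime import datetime, timezone

# Constructed sample: (record name, type, current TTL in seconds, expected changes per month).
# The change rate is an assumed operational input; DNS itself does not store it.
SAMPLE_RECORDS = [
    ("www.example.com.", "A", 86400, 12),      # re-pointed often, yet cached for a day
    ("mail.example.com.", "MX", 86400, 0),     # stable mail exchanger
    ("api.example.com.", "A", 300, 20),        # load-balanced endpoint, already short
]

def recommend_ttl(changes_per_month: int) -> int:
    """Volatile records get short TTLs; stable ones long TTLs so resolvers keep them cached.
    The thresholds (assumed) are 5 minutes, 1 hour and 1 day."""
    if changes_per_month >= 10:
        return 300
    if changes_per_month >= 1:
        return 3600
    return 86400

def audit_records(records):
    """Records whose TTL disagrees with the guidance, as (name, type, current, recommended)."""
    return [(n, t, ttl, recommend_ttl(c)) for n, t, ttl, c in records if ttl != recommend_ttl(c)]

def stale_seconds(cached_at: int, ttl: int, changed_at: int) -> int:
    """How long a resolver that cached the old record at cached_at (Unix time) keeps serving
    it after the change at changed_at: the unexpired remainder of its TTL, or 0."""
    return max(0, cached_at + ttl - changed_at)

def plan_change(old_ttl: int, new_ttl: int, change_at: int):
    """Timeline (Unix time, action) for a change without a long stale window: lower the TTL
    at least one old TTL beforehand so every cached copy with the old TTL has expired,
    then publish the change, then expect all caches to converge one new TTL later."""
    return [
        (change_at - old_ttl, f"lower TTL to {new_ttl}s"),
        (change_at, "publish the new record data"),
        (change_at + new_ttl, "all caches converged"),
    ]

if __name__ == "__main__":
    for finding in audit_records(SAMPLE_RECORDS):
        print("TTL mismatch:", finding)
    change = 1_704_888_000  # constructed timestamp of the planned change
    print("stale window if TTL stays 86400s:", stale_seconds(change - 3600, 86400, change), "s")
    for when, step in plan_change(86400, 300, change):
        print(datetime.fromtimestamp(when, tz=timezone.utc).isoformat(), step)
```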

Conclusion.

Time is not always the enemy. If you know how to choose DNS TTL values smartly, time can become a great ally!

History of the Domain Name System.

It’s impressive how the Internet became ingrained in people’s lives in such a short time. The 1980s may look far away, but considering all the development the network of networks needed before it could exist, it is not that long ago. Many people still remember their life before and after the Internet.

To understand how the Internet works, there’s no way to skip one of the most important chapters in its history: the creation of the Domain Name System (DNS).

How was networking born?

Officially, the Internet started working on January 1, 1983. But as a concept, it appeared in the late 1950s. 

On the one hand, government researchers had a strong need for a way to share their information easily. Computers were really big and heavy. Every time researchers needed specific data, they had to travel to the computer’s location or save the data to magnetic tape and send it by postal service.

On the other hand, the Cold War was on. When the Soviet Union launched the Sputnik satellite (1957), the USA felt pushed to respond. The American Defense Department looked for ways to keep information safe and share it easily in the case of a nuclear attack.

Therefore, the Advanced Research Projects Agency (ARPA, 1958) was founded, and the ARPANET (1969) was created: the predecessor of the modern Internet. After years of collaboration with different organizations, the network concept was successfully proved, but access was limited to researchers and organizations linked to the Defense Department.

During the 1970s, more enthusiasts got involved and networks started popping up here and there, bringing a new challenge: all the existing networks operated independently, with no way to communicate between them.

TCP/IP solved this and became the standard “language” for networks to communicate (1983). This totally expanded the possibilities for exchanging information!

History of the Domain Name System.

To connect to other computers and services, people had to type their IP addresses. These long sequences of numbers were perfect for machines to communicate with one another, but as more websites became available every day, it became hard for humans to memorize several IP addresses like 234.167.1.15 (IPv4).

With networks already interconnected, complexity became another challenge. For instance, the mapping of host names to addresses was kept in a centralized HOSTS.TXT text file. As sites multiplied, the file grew too, and the need for a decentralized model emerged.

In 1983, Paul Mockapetris and his team simplified this and created an easier way to use the network: the DNS. Thanks to it, humans could use easy, memorable names to reach websites (sitexample.com) instead of numbers (234.167.1.15).

It became an Internet standard in 1986. Machines kept using numbers while humans could use domain names. This shaped a sort of directory (database) through which domain names could be associated with their IP addresses and vice versa.

The DNS evolved through the years. Some of its key improvements were:

  • NOTIFY. Originally, secondary servers had to check frequently for updates. With the NOTIFY mechanism, the master server spares them all these checks and directly informs them when it has a new update to share.
  • Incremental zone transfer. Thanks to this, secondary servers could fetch only the changes instead of transferring the complete zone file.
  • DNSSEC, the security extension that protects users against DNS poisoning attacks.

Conclusion.

The DNS gave structure to the Internet. After almost four decades of existence, it is still responsible for the cool experience users have while surfing online.