Read latest news about security

DNS Is Still the Achilles Heel of the Internet

12 July 2017 Pavithra Shetty no responses

Standing for domain name services, the DNS is actually an internet service which translates the alphabetic domain names into machine based IP addresses. Domain names are kind of naming system which is used to address various web servers and web pages.

Functioning just like a phone directory, the domain name system also gives an easy-to-spell and memorable address to every server and web page thereby hiding their real yet technical and numeric IP address. But, one thing to remember here is that domains names are not the URL (uniform resource locators).

iStock_000003248041Medium

A domain name is always a part of larger internet URL. Thus, it does not go in as much detail as a URL goes into. Generally, every URL provides all basic information which comprises of specific page address, machine name, protocol language, and folders name. For instance, in an URL:

http://limeproxies.com/network-status.php

It is only “Limeproxies.com” which is considered as a domain name.

So, you can consider domain names like the nicknames of the web servers and web pages which are friendly to use and easy to remember. But then again, they are way different from their corresponding IP addresses.

In general, the DNS also follows a particular format while naming any web server or web page. Always organized from right to left; the general descriptions are always on the right whereas the left side always carries more specific descriptors. And, the descriptors are actually the domains. To make it more relatable, understand it in this way that person’s names are on the left with the family names on the right. The far right domain is always considered as top level domain, mid-level domains are in middle and machine name is always far in left.  Moreover, each level of the domain is separated by a dot (.).

In the above-quoted example, “.com” is a top level domain with “limevpn” as a mid-level domain.

So, now when we know so much about the DNS it is quite understandable that is a very vital element for internet existence so we always need to find out measures and practices so as to make it more reliable and incorruptible. Around the world, it is only the DNS which is most prone to cyber attacks. Thus, it becomes very difficult to defend it especially when it is known that the DNS services are the softest and excellent target for the cyber attackers.

Being an important element of existence in the world of internet, even if we try to take out the DNS of any organization’s website then it means that we are actually making it unreachable to the general public. So, that means if someone fails to publish the DNS online then no one can actually reach your web server, VPNs or not even the mail services. And if in case, a hacker is capable enough to play with your authentic DNS records then the chances are that they may redirect the complete traffic to the other websites which they might control. This will hamper not only your business but client’s and viewer’s privacy is also in threat.

Generally, DNS is built over unreliable and insecure protocols with the cooperation between millions of clients and servers. Thus, these DNS are always vulnerable to subversions, hijacking, and disruption. So, it becomes very necessary to safeguard the DNS as much as possible in a most reliable and incorruptible way. So, before we actually start with their reliability, we first need to know and understand the most common DNS attacks.

Here we have listed the most common yet major DNS attacks that can hamper your existence over the internet. Take a look:

  • Unauthorized DNS changes
    Owning a complete web server is not an easy task. So, if you too own one then you always need someone to manage it properly. One should always authenticate server’s admin strongly by ensuring their competence and trustworthiness. Remember, any change in the DNS or any bad entry can take hours or sometimes days also to resolve.

6866188762_6548846b0a_h

  • DNS hijacking
    There are many Domain registrars who are actually designated to manage as well as answer queries for DNS servers. Generally, these registrars have registered accounts that can control the pointer to DNS servers. And if the attackers/hackers manage to control these pointers than they can easily redirect a domain to a DNS server which is under their control.
  • Denial of services
    When any cyber attacker/hacker, prevents the intended users from accessing the services of a particular web server, website or a web page by flooding the network resource/machine with excessive messages in order to authenticate even those requests which have an invalid return address then it results in denial of services from the machine or the network resource.
  • DNS server vulnerabilities
    DNS services are functional on software thus there are always chances of having some bugs in it. Now, when an attacker/hijacker exploits these error bugs then the chances are that the DNS services are becoming more vulnerable to various kinds of cyber attacks.
  • DNS queries interception
    Generally, DNS functions on a UDP protocol which is a weak link that can be easily spoofed. So, an attacker/hijacker comes in between the user and the server so as to intercept with the DNS queries, Most attackers/hijackers consider it as one of the easiest ways to hamper the DNS.
  • DNS data leakage
    This attack generally happens when a wrong configuration is set up while structuring a DNS framework. Attacker keeps on doing phishing expeditions so as to attempt devastating DNS data leakages.

Now, when we know the common ways through which the DNS can be attacked so as to hamper any web servers’ or web page’s existence on the internet so we can now work in a better and smarter way to keep our DNS safe and protected.

SHARE ON