DNS stands for Domain Name System. It is one of the oldest running systems in the Internet communication. DNS is nothing less than the backbone of the entire Internet communication. In the earlier days, when the Internet was in its nascent stage, people will have to enter IP (Internet Protocol) Addresses to access the websites and web pages. However, this soon became a cumbersome job as the number of websites started growing and Internet increased its penetration.
A typical IP address is a combination of digits separated by dots. Remembering a unique combination of numbers for each website is not only difficult, it is near impossible if the number of website becomes too big. With the current state of the Internet, you can well imagine how chaotic it would have been if we had to remember the IP address of every individual website, not to mention that this system was nowhere near being user friendly.
DNS came to rescue. It is the system that allows you to remember just a regular name and once you have entered the name of the website this system finds the relevant IP for the domain name and makes sure that your request reaches the right server. Without DNS entire web based communication as we know it will be crippled and brought to a standstill. However, since DNS was implemented way back when online attack and malwares were not much heard of, there is little or virtually no security included in the system. Quite astonishingly DNS is one of the most important yet most vulnerable of all in the entire Internet network.
As mentioned, DNS is quite vulnerable to external attacks. It will only take a person to slightly tamper with the DNS servers and the user will no longer be able to reach the targeted websites. Let us take a closer look at some of the exploits.
DNS poisoning is a specialised task that tampers with the DNS server records. This has the potential to take any unsuspecting visitors to any website instead of the original one. Consider an unsuspecting person being directed to a fake bank website where he/she reveals the login id & password. Or, online shoppers are being directed to another fake ecommerce site where credit card or other financial payment details are revealed by many. These are major exploits.
Another highly popular and notorious DNS attack is the Denial of Service attack. It is more commonly referred to as DoS or DDoS. The targets of this type of attacks are one particular IP. It uses varied methods, but the result is same. The targeted IP becomes unavailable, either because of server crash or because it has been indefinitely looped in a series of requests. Here is a great article to learn more about DoS attacks.
Even though there are such simple and major exploit patterns available, these attacks can be prevented. For starter, an organization should stop using general-purpose computers for DNS. They need to implement purpose-built computers with higher and targeted security to ensure protection of DNS. It is also important to shield the DNS from uncontrolled and unmonitored access. There are various security protocols and security systems available that can do the job. You should always hire an expert to set up your DNS system and security.
DNS attack is ever growing menace. It is best to stay alert and be prepared for them. Saving some money and time by using a vulnerable system for DNS is never a smart choice. Investment on DNS security is worth it.