The potential of the DNS protocol with regard to IT security is often underestimated
DNS - a foundation of the internet
The Domain Name System (DNS) is responsible for resolving domain names to the corresponding IP addresses and is therefore one of the essential components of the internet, underpinning a large portion of digital communication.
Statistical analysis of DNS queries from one's own private network allows network traffic to be monitored in real time, and with it the detection of anomalies caused by malware infections. Furthermore, by selectively redirecting or blocking such queries, the communication of the malware with its command-and-control servers can be prevented. In addition, DNS data offer a window into user behaviour, with implications for the protection of personal information and internal company data.
DNS also serves as a 'trust anchor': information stored in DNS records, for example digital signatures, serves as a means of verification for other services, e-mail among others.
We offer support around the topic of DNS, starting with the setup of a private internal DNS infrastructure, through daily operation and monitoring, to analysis and consulting regarding appropriate actions in case of emergency.
We provide consulting regarding the planning, implementation and operation of company DNS servers with regard to security and availability. Worldwide access places particular demands on the DNS infrastructure.
Hidden Master DNS
facilitates real-time management of DNS zones under one's own control
permits individual DNS answers depending on the region from which the query originates
is a routing technology which makes it possible to host a single IP address at multiple data centres around the world, providing optimal response times and high resilience against failure
enables analysis of communication partners, for example by geographical region or frequency of DNS queries, as well as detection of attacks via DNS (DNS tunnelling, cache poisoning)
Secondary DNS Hosting
covers the selection of providers for operating Anycast zones or secondary DNS servers, while the master DNS remains under one's own management (Hidden Master)
DNS resolvers are needed by every business for resolving internet names to the corresponding IP addresses of the services. It is often falsely assumed that an external provider is necessary for this; however, such external services are problematic with regard to the protection of personal data.
The operation of private resolvers and the logging of DNS queries and responses offers significant advantages:
- Malware uses DNS domains in order to locate its command-and-control servers.
- Malware uses DNS tunnelling to circumvent firewall restrictions on incoming and outgoing data.
- RPZ (response policy zones) can be used as a DNS firewall.
- RPZ can be utilized for blocking or redirecting DNS traffic.
- RPZ lists can be employed to identify anomalies and malware in the DNS traffic.
- Periodic malware DNS requests can be easily detected.
- An unusual number of DNS requests from a client can be easily detected.
- Anomalies can be detected as an unusual number of requests for a domain.
- DNS traffic results in only a relatively small volume of logging data, which can be easily analysed.
- Private DNS resolvers are independent of the provider's DNS resolvers.
- Private DNS resolvers do not leak DNS traffic data to the outside.
- Private DNS resolvers can be implemented using open-source software with zero licensing costs.
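As an added illustration of three of the points above (an RPZ-style blocklist match, an unusual per-client query volume, and periodic beacon-like requests), the following script runs these checks over a few constructed resolver log lines. It is example code written for this page, not the authors' tooling; the log format, the blocklist and the thresholds are assumptions.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed sample resolver log: "<epoch seconds> <client ip> <queried name>".
SAMPLE_LOG = """\
1700000000 10.0.0.5 www.example.com
1700000060 10.0.0.5 update.bad.example
1700000120 10.0.0.5 update.bad.example
1700000180 10.0.0.5 update.bad.example
1700000240 10.0.0.5 update.bad.example
1700000010 10.0.0.7 mail.example.com
"""
BLOCKLIST = {"bad.example"}  # constructed RPZ-style list; subdomains match as a wildcard would

def parse_log(text):
    """Return (timestamp, client, name) tuples, names lower-cased, skipping malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue
        records.append((int(parts[0]), parts[1], parts[2].lower().rstrip(".")))
    return records

def rpz_hits(records, blocklist):
    """Queries whose name or any parent domain is listed, like an RPZ zone with a *. wildcard."""
    hits = []
    for _, client, name in records:
        labels = name.split(".")
        if any(".".join(labels[i:]) in blocklist for i in range(len(labels))):
            hits.append((client, name))
    return hits

def heavy_clients(records, max_queries):
    """Clients whose total query count exceeds max_queries in the logged window."""
    counts = Counter(client for _, client, _ in records)
    return {c: n for c, n in counts.items() if n > max_queries}

def periodic_queries(records, min_count=4, max_jitter=0.1):
    """(client, name) pairs queried at nearly constant intervals, typical of C2 beaconing."""
    series = defaultdict(list)
    for ts, client, name in records:
        series[(client, name)].append(ts)
    found = {}
    for key, stamps in series.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]  # inter-arrival times in seconds
        if len(gaps) >= min_count - 1 and mean(gaps) > 0 and pstdev(gaps) <= max_jitter * mean(gaps):
            found[key] = mean(gaps)
    return found
```

Real resolver logs (for example BIND query logs) carry more fields, so only the parser needs adapting; the three checks operate on the parsed tuples.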