WHITE PAPER

The domain name system (DNS) is fundamental to the proper operation of nearly every IP network application, from web browsing and email to multimedia applications and more. DNS provides the lookup and translation services from names to IP addresses that computers use to communicate. An attack that renders the DNS service unavailable, or that manipulates the integrity of the data contained within DNS, can effectively bring a network down. As a side effect of its necessity, DNS traffic is generally permitted to flow freely through networks, exposing those networks to attacks that leverage this freedom of communication.
By its very nature, the global Internet DNS serves as a distributed data repository containing host names (e.g., website and other addresses) and corresponding IP address information. The distributed nature of DNS applies not only to the global geographic distribution of DNS servers, but also to the distribution of administration of the information published within the respective domains of this repository. DNS has proven extremely effective, scalable, and reliable in practice, and most people take it for granted as a result. However, its essential function and decentralized architecture attract attackers seeking to exploit the architecture and its rich data store for sinister activities. This white paper describes various forms of enterprise DNS attacks and strategies you can employ to mitigate them. We’ll start with a basic overview of DNS to establish a common baseline, then discuss potential vulnerabilities, followed by mitigation strategies that can be deployed to reduce exposure to various attack types.