The web works as if by magic, but supporting this seamless user experience are numerical codes that label and organize massive numbers of connected devices and quantities of data.
One of the systems that performs this magic behind the scenes is the domain name system (DNS). DNS takes the text that humans enter in URLs and matches it with numerically organized records, so that the numerical information can be presented as readable text.
For example, a website such as ‘www.example.com’ might have an address like 192.345.09.39. DNS lets us type text into our computers rather than long, difficult-to-memorize strings of numbers.
Experts commonly state that the internet’s domain name system functions similarly to a phone book, where names are connected with data, allowing people to reach whomever (or whatever) they’re looking for. Without DNS, the internet as we know it would not exist.
An easy deep-dive into DNS:
There are four main types of DNS servers. These servers interact with one another in order to figure out where certain information is located.
- Resolving Servers (or DNS Resolvers). These look up information in their database and cache data.
- Root Servers. A search request encounters root DNS while attempting to obtain an IP address from a hostname.
- TLD Servers. These servers use information like “.com” or “.net” to help route requests.
- Authoritative Servers. These servers store the records for certain types of requests.
What kinds of attacks do hackers direct towards domain name systems?
- DNS reflection attacks. Attackers send a massive, overwhelming volume of data to a user’s computer.
- DNS resource exhaustion. Internet users are unable to reach intended websites.
- DNS flooding. This is similar to a DDoS attack, where servers are overloaded.
- DNS cache poisoning. Malicious elements are added to the DNS resolver’s cache.
- DNS tunneling. Unwanted data is included in DNS queries and responses.
How common are DNS attacks?
“Attackers are becoming ever more creative and brazen as they find new means to sabotage the DNS system, resulting primarily in users and applications being misdirected from an authentic website to a malicious attack vector,” writes one trade publication.
The 2020 Global DNS Threat Report, which surveyed technology professionals across North America, Europe and APAC, states that 79% of organizations reported experiencing DNS attacks in 2019. In 2018, 82% of organizations reported DNS attacks.
How can organizations prevent DNS attacks?
- Seek out resilient routing methods that can send DNS requests to other servers if certain servers become compromised.
- Strengthen access controls by using 2FA and SSO where possible.
- When it comes to updating DNS, admins should apply strong authentication keys and limit key uses to known sources.
- Introduce your team to TSIG (transaction signatures), which allow for cryptographic signing of zone data. 
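To make the last two points concrete: a TSIG signature is a keyed HMAC computed over a DNS message (such as an update request) together with the key name and a timestamp, following the field layout in RFC 8945. The sketch below is an added example, not code from any DNS server; the key name, the secret and the sample update message are constructed for illustration.

```python
import hashlib
import hmac
import struct

ALGORITHM = "hmac-sha256."
KEY_NAME = "ddns-key.example.com"                  # hypothetical key name
KEYRING = {KEY_NAME: b"constructed-demo-secret"}   # constructed secret, demo only

def wire_name(name):
    """Encode a domain name in DNS wire format, lowercased as TSIG requires."""
    parts = [p for p in name.lower().split(".") if p]
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def sample_update(zone="example.com"):
    """Constructed, empty DNS UPDATE message: 12-byte header plus zone section."""
    header = struct.pack("!HHHHHH", 0x1234, 0x2800, 1, 0, 0, 0)  # opcode 5 = UPDATE
    return header + wire_name(zone) + struct.pack("!HH", 6, 1)   # type SOA, class IN

def tsig_mac(message, key_name, secret, time_signed, fudge=300):
    """HMAC over the message followed by the TSIG variables (request case)."""
    variables = (
        wire_name(key_name)
        + struct.pack("!HI", 255, 0)                 # CLASS ANY, TTL 0
        + wire_name(ALGORITHM)
        + struct.pack("!HI", time_signed >> 32, time_signed & 0xFFFFFFFF)  # 48-bit time
        + struct.pack("!HHH", fudge, 0, 0)           # fudge, error, other length
    )
    return hmac.new(secret, message + variables, hashlib.sha256).digest()

def verify(message, key_name, mac, time_signed, keyring, now, fudge=300):
    """Server-side checks in order: known key, valid MAC, timestamp in window."""
    secret = keyring.get(key_name.lower().rstrip("."))
    if secret is None:
        return "BADKEY"       # signer is not a known key
    expected = tsig_mac(message, key_name, secret, time_signed, fudge)
    if not hmac.compare_digest(mac, expected):
        return "BADSIG"       # message or signed fields were altered
    if abs(now - time_signed) > fudge:
        return "BADTIME"      # outside the replay window
    return "NOERROR"

if __name__ == "__main__":
    msg, t = sample_update(), 1_700_000_000
    mac = tsig_mac(msg, KEY_NAME, KEYRING[KEY_NAME], t)
    print(verify(msg, KEY_NAME, mac, t, KEYRING, now=t + 10))            # accepted
    print(verify(msg[:-1] + b"\x02", KEY_NAME, mac, t, KEYRING, now=t))  # altered
    print(verify(msg, KEY_NAME, mac, t, KEYRING, now=t + 3600))          # stale
```

The key is shared between the two parties, so an update is only as trustworthy as the handling of that secret; a separate key per client keeps one leak from exposing every updater.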
Time to Stop Overlooking DNS Security, Mark Fieldhouse, Infosecurity Magazine, Mar 5, 2020
How DNS Attacks Threaten Organizations, Lance Whitney, TechRepublic, June 10, 2020
What is the Difference Between DNSSEC and DNS Security, Infoblox, August 2020
DNS Security, Cloudflare, 2020