National Security Agency and Cybersecurity & Infrastructure Security Agency Release Joint Guidance on Using Protective Domain Name System (PDNS) Service

On any given day, some five billion people worldwide use the Internet.  Only a vanishingly small fraction of those people is even aware of, let alone understands the importance of, a critical component of Internet use: the Domain Name System (DNS).  The DNS has been defined as “a hierarchy of duplicated database servers worldwide” that begins with so-called “root servers” for top-level domains such as .com, .net, and .org, and that converts alphabetic names into numeric Internet Protocol (IP) addresses.

Because the DNS system is so critical to the effective operation of the Internet and Internet communications, DNS has become “an increasingly targeted threat vector for attackers.”  Cyberattackers routinely use a variety of techniques to exploit the DNS system and gain unauthorized access to command-and-control systems and exfiltrate large volumes of sensitive data. 

On March 4, the U.S. National Security Agency (NSA) and the U.S. Cybersecurity & Infrastructure Security Agency (CISA) released a joint information sheet that provides guidance on selecting a protective Domain Name System (PDNS) service “as a key defense against malicious cyber activity.”  As the information sheet explains, the DNS “is central to the operation of modern networks”, but “was not built to withstand abuse from bad actors intent on causing harm.”  It explains that a PDNS is “different from earlier security-related changes to DNS in that it is envisioned as a security service – not a protocol – that analyzes DNS queries and takes action to mitigate threats, leveraging the existing DNS protocol and architecture.”

The information sheet makes clear that it provides an assessment of several commercial PDNS providers based on reported capabilities, but that the assessment “is meant to serve as information for organizations, not as recommendations for provider selection.”  It advises that users of these services “must evaluate their architectures and specific needs when choosing a service for PDNS and then validate that a provider meets those needs.”

Chief Information Security Officers at companies and government agencies need to peruse the NSA-CISA guidance closely and give serious consideration to acquiring some form of PDNS.  Because DNS-based attacks are highly likely to increase during 2021, particularly from hostile state actors and professional cybercrime organizations, every enterprise must take seriously the need to protect itself from such attacks.
