Today’s Tip of the Day is the second in a three-part series on Domain Name System (DNS) monitoring. In the first, we looked at how the application delivery chain works and the way in which many companies outsource their DNS to third parties with a global presence in order to reduce latency. The connected tip was focused on ensuring users are served by the correct DNS server. Today, we’ll be talking about DNS security, the types of attack you should be on the lookout for, and how Catchpoint can provide 24/7/365 monitoring to ensure you can protect your customers and employees around the clock from DNS-related attacks.  

DNS Security Challenges and Pitfalls 

Unfortunately, when the Domain Name System was created, security considerations were not taken into account. It was built by design to be a scalable, public database with unrestricted access to its data. Inevitably, this has led to many vulnerabilities in the system and multiple types of DNS exploit.  The different types of DNS attack include:  

DNS hijacking – the attacker “tricks” the end user into believing they are communicating with a legitimate domain name when they have been redirected to a different (potentially malicious) domain name or IP address the attacker has set up. 

DNS spoofing – the attacker attempts to change the DNS records returned to the querier, the person asking, to a response the attacker chooses.  

DNS cache poisoning – in this type of attack, the attacker targets cached name servers in order to control the answers stored in the DNS cache. It can potentially impact thousands of users and be very difficult to detect.  

Distributed Denial of Service (DDoS) attacks – These types of exploit involve the attacker attempting to exhaust the DNS resource, CPU or memory by flooding a service hosting a particular domain with requests. It slows down or forces an outage of a website. DDoS attacks are also referred to as DNS Flood or DNS Amplification attacks.  

Catchpoint’s 24/7/365 Synthetic Monitoring and DNS Test Templates 

This is where Catchpoint separates itself from other vendors. To stay one step ahead of these kinds of malicious activity, you need 24/7/365 synthetic monitoring from points around the globe from as many vantage points as possible. Catchpoint’s large number of global testing locations is one of our greatest strengths as our vantage points cover backbone, broadband, cloud, last mile, and wireless providers worldwide.

For DNS, synthetic monitoring is a must-have. It lets you look at the performance of all the nameservers and pinpoint any errors along the entire DNS resolution chain. It also provides a window into the database records used by DNS servers, which allows you to diagnose the specific reason an error has occurred, for instance, DNS cache poisoning or insecure zone transfers. In today’s video, we will see this in action by drilling down into two different DNS tests, just a couple of twenty DNS test templates prebuilt for you to use.  

Fig 1: DNS Test Monitor

Today’s Tip: Use Catchpoint’s DNS Tests (Fig 1) to help keep your customers and employees secure. In today’s video, you will: 

  • Find out more detailed information about the types of DNS attack to be wary of; 
  • Access tips about locations where DNS attacks commonly occur;  
  • Understand how Catchpoint separates itself from other vendors in relation to DNS monitoring; 
  • Watch a demo of two different Catchpoint DNS tests; 
  • Witness the extensive visibility that Catchpoint’s DNS Monitor can provide into the multiple levels of any DNS transaction. 

Further resources:

  • https://blog.catchpoint.com/2019/11/18/great-firewall-china-dns-ip-censorship
  • https://blog.catchpoint.com/2019/08/21/synthetic-monitoring-of-dns-in-changing-times