How Does a Domain Name System (DNS) Resolver Work?
A DNS resolver converts text that humans can understand into numbers that computers can understand. Specifically, it converts Uniform Resource Locators, or, in other words, Internet addresses as used by humans, into IP addresses as used by computers.
Why do you need a DNS Resolver?
You can think of a DNS resolver as being a centralized contact database that can be accessed by any computer on the network. Without a DNS resolver, every computer on the network would need its own address book and this would create a huge drain on resources.
DNS and Security Benefits
DNS was invented in 1983. As a reminder, this was before the modern Internet even existed. What would become the Internet was still, essentially, an academic network where digital security was not really a consideration.
Today, by contrast, security is very much a consideration (or should be). Anyone responsible for managing a network has to be clear about the various security issues posed by the Domain Name System and what to do about them. Here is some guidance.
The main threats related to DNS
The various threats related to DNS can generally be grouped into one of three main types. These are data theft, traffic hijacking, and DDoS attacks.
In principle, the best remedy against the Domain Name System being used to enable data theft is to implement DNSSEC, ideally along with HTTPS. Unfortunately, this isn’t necessarily as easy as it sounds. In practice, your best approach is usually to encrypt sensitive data, which is recommended anyway. You might also want to use a VPN.
The easiest way to tell for sure if you’ve been DNS hijacked is to try pinging a non-existent internal IP address. If you get the right answer then all is well. If, however, the address is resolved, then you’ve probably been DNS hijacked. You’ll probably find the source of the problem is malware on your router. As you’ve probably guessed, the solution is to remove the malware and the preventative measure is to take steps to stop malware getting on your router again.
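The hijack check described above can be automated by asking the resolver for a name that cannot exist and inspecting its reply. The following Python is an added example, not code from the original article; it goes beyond the ping test by reading the DNS response header directly, and the function names, the probe name under the reserved `.invalid` top-level domain, and the sample replies are all constructed for illustration.

```python
import secrets
import struct

NXDOMAIN = 3  # RCODE 3, "Name Error" (RFC 1035)

def encode_name(name: str) -> bytes:
    """Encode a hostname as length-prefixed DNS labels ending in a zero byte."""
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def random_probe_name() -> str:
    """Random label under .invalid, a TLD reserved so that it never resolves."""
    return f"{secrets.token_hex(8)}.invalid"

def build_probe(txid: int, name: str) -> bytes:
    """Build a recursive A-record query (RD=1, one question) for `name`."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(probe: bytes, response: bytes) -> str:
    """Judge a resolver's reply to a probe for a name that cannot exist."""
    if len(response) < 12:
        return "malformed"
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", response[:12])
    if txid != struct.unpack("!H", probe[:2])[0] or not flags & 0x8000:
        return "mismatch"      # wrong transaction ID, or QR bit says "query"
    rcode = flags & 0x000F
    if rcode == NXDOMAIN and ancount == 0:
        return "ok"            # resolver correctly reports the name does not exist
    if rcode == 0 and ancount > 0:
        return "suspicious"    # a nonexistent name was given an address
    return "inconclusive"      # SERVFAIL, REFUSED, or NOERROR with no data

def sample_reply(probe: bytes, flags: int, answer: bytes = b"") -> bytes:
    """Constructed sample reply: echo the question, optionally append one answer."""
    header = probe[:2] + struct.pack("!5H", flags, 1, 1 if answer else 0, 0, 0)
    return header + probe[12:] + answer

# Constructed sample data (192.0.2.10 is a documentation address, RFC 5737).
PROBE = build_probe(0x1A2B, "f3a9c1d27e5b6a40.invalid")
A_RECORD = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 10])
HONEST = sample_reply(PROBE, 0x8183)               # QR, RD, RA set, RCODE=3
REWRITTEN = sample_reply(PROBE, 0x8180, A_RECORD)  # QR, RD, RA set, RCODE=0, one A record

if __name__ == "__main__":
    for label, resp in (("honest", HONEST), ("rewritten", REWRITTEN)):
        print(label, "->", classify(PROBE, resp))
```

To run the check live, send the output of `build_probe` to your configured resolver over UDP port 53 and pass the reply to `classify`. Some upstream resolvers also rewrite non-existent names to a search page, so a "suspicious" result calls for checking both the router and the resolver it forwards to.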
Just saying the words “DDoS attacks” will probably raise a sigh from cybersecurity professionals. They are one of the biggest headaches in network security. The bad news is that it’s virtually impossible to prevent them. The good news is that they are, or should be, relatively straightforward to manage.
Understanding DDoS attacks
The key point to note about DDoS attacks is that they come in two main forms. Infrastructure-level DDoS attacks are totally overt. They simply throw as much firepower as they can at a website in the hope that they can cause it to crash.
Application-level DDoS attacks, by contrast, are much more subtle. They target one or more high-value areas of a website, such as a login page or the payment page, and aim to send just enough extra traffic to slow it down to the point where it becomes unusable but not enough to make it easy to detect and remedy the attack.
An effective anti-DDoS strategy has to include measures against both of these DDoS attack strategies. Fortunately, there are a few key steps you can take to protect your websites against both infrastructure-level DDoS attacks and application-level DDoS attacks. These are as follows.
Buy as much bandwidth as you can afford
There are all kinds of good reasons for having as much bandwidth as you can afford. One of them is that it offers effective protection against both kinds of DDoS attacks. Basically, the more bandwidth you have, the harder cyberattackers have to work to take down your server. This means you have longer to work out what is going on and put a stop to it.
Ping your server regularly
Similar logic applies here. Undertaking regular ping tests means that you will be alerted at the early stages of a problem. This maximizes the time you have to resolve it before it goes critical. Combining regular ping testing with a generous bandwidth allocation can make life much harder for DDoS attackers and hence much easier for you (and your customers).
Configure your firewall appropriately
The main purpose of a firewall is to monitor traffic (incoming and outgoing) but it can also be used to filter traffic. It’s worth taking the time to fine-tune your firewall’s settings not just to blacklist traffic known to be malicious but also to whitelist traffic known to be safe - like the bots used by search engines. This can make it harder to conduct DDoS attacks and easier to resolve them.