By Robbie Wright
DNS, or thedomain name system, is a fundamental building block of the internet that is very commonly overlooked from both a management view and a security view. This is a major oversight by most businesses and there are a variety of lost cost (and even free) things credit unions and other business can do to protect themselves.
Recursive DNS
First off, there are two types of DNS, recursive DNS and authoritative DNS. Recursive DNS is generally something an ISP provides to customers. Recursive DNS takes google.com and turns it into an IP for an end user’s browser or application. DNS recursors hand out records to end users, mostly. Those DNS recursors query an authoritative DNS server to get their results. Some common examples of these services areOpenDNSorGoogle DNS. Recursive DNS also plays a ctriical role in the security of anorganizationas it is the source of mostman-in-the-middle attacks. For this reason, OGOdoes not allow public accessto our recursive DNSresolvers. It is only accessible to the clients on our network.
Authoritative DNS
Most commonly, the domain registrar hosts theauthoritativeDNS records for a domain. Many larger business use their ISP, a third party provider, or host their own authoritative DNS servers. These authoritative DNS servers tell the world where your website, email, and all other DNS related items live. This is one of the most overlooked aspects of securityfor many business. Hint: make sure your DNS provider has an option for multi-factor authentication. There are a variety of DNS record types:
