By Robbie Wright
DNS, or the domain name system, is a fundamental building block of the internet that is very commonly overlooked from both a management view and a security view. This is a major oversight by most businesses and there are a variety of lost cost (and even free) things credit unions and other business can do to protect themselves.
First off, there are two types of DNS, recursive DNS and authoritative DNS. Recursive DNS is generally something an ISP provides to customers. Recursive DNS takes google.com and turns it into an IP for an end user’s browser or application. DNS recursors hand out records to end users, mostly. Those DNS recursors query an authoritative DNS server to get their results. Some common examples of these services are OpenDNS or Google DNS. Recursive DNS also plays a ctriical role in the security of an organization as it is the source of most man-in-the-middle attacks. For this reason, OGO does not allow public access to our recursive DNS resolvers. It is only accessible to the clients on our network.
Most commonly, the domain registrar hosts the authoritative DNS records for a domain. Many larger business use their ISP, a third party provider, or host their own authoritative DNS servers. These authoritative DNS servers tell the world where your website, email, and all other DNS related items live. This is one of the most overlooked aspects of security for many business. Hint: make sure your DNS provider has an option for multi-factor authentication. There are a variety of DNS record types:continue reading »