DNS

16 June 2016 at 11:00pm

Taking care of domain names

Andrew Cormack
security
DNS
Domain Names
#FIRSTcon16
At the FIRST conference, James Pleger and William MacArthur from RiskIQ described a relatively new technique being used to create DNS domain names for use in phishing, spam, malware and other types of harmful Internet activity. Rather than registering their own domains, perpetrators obtain the usernames and passwords used by legitimate registrants to manage their own domains on registrars' web portals.
Read more

Register gov.wales or llyw.cymru

Ben Chapman
Tuesday, November 10, 2015 - 18:36
gov.wales
llyw.cymru
llwy.cymru
DNS
domain name registration
procedure
To apply in Welsh please click here. Cliciwch yma i wneud cais yn Gymraeg.
Read more
16 June 2015 at 1:55pm

Detecting Incidents in DNS Resolver Logs

Andrew Cormack
incident response
DNS
#firstcon15
Domain Name Service resolvers are an important source of information about incidents, but using their logs is challenging. A talk at the FIRST conference discussed how one large organisation is trying to achieve this.
Read more
26 June 2014 at 10:10am

Simple ways to improve your DNS resilience and security: #4 Open DNS Resolvers

James Davis
DNS
resolvers
DDOS
nameservers
udp
reflection
amplification
infosec
security
Time to move from the mechanics and policy of DNS replication to a new topic. Within the global DNS there are two roles that a server can play: ones that hold data - nameservers, and ones that fetch that data for clients - resolvers. Nameservers need to provide their data to the entire Internet whereas resolvers serve a small set of client systems.
Read more
25 June 2014 at 2:15pm

Simple ways to improve your DNS resilience and security: #3 TTL and expire timers

James Davis
DNS
Resilience
SOA
expire
TTL
DDOS
So you've designed your redundant architecture and ensured that your data is being replicated across it? All set? Not quite. Within your DNS configuration there are two timers that we frequently see misconfigured -  TTL values and the SOA expire value. Frequently we see these left at default a default of one day (86400 seconds). Whilst these may suit many organisations it's worth taking a closer look to make sure that they match your expectation for your DNS services.
Read more
24 June 2014 at 1:53pm

Simple ways to improve your DNS resilience and security: #2 Zone Transfers

James Davis
DNS
Resilience
axfr
security
infosec
zone-transfer
Having designed a redundant DNS infrastructure, one of the most common mistakes is failing to ensure that secondary nameservers can successfully replicate data for the domains it is hosting. The most common way this is done on the Internet is though zone transfers - the AXFR command. This command causes a DNS server to reply with all the data it knows for a domain.
Read more
24 June 2014 at 1:52pm

Simple ways to improve your DNS resilience and security: #1 Redundancy

James Davis
DNS
primary nameserver
secondary nameserver
security
infosec
risk management
resiliency
When providing DNS nameserver services a degree of redundancy is needed. In most cases the DNS records for a particular domain will be hosted by at least two nameservers, but is that enough by itself? When building a resilient system the risks involved with the failure modes of the system need to be considered and weighed up against the associated costs and overheads. As a common example - does having both DNS servers on the same local network segment provide you with protection against network failure? Probably not.
Read more
2 June 2014 at 4:39pm

NCA action on GameOver Zeus and Cryptolocker

James Davis
malware
nca
DNS
infosec
cyber
As you may now be aware, the FBI and NCA are coordinating 'global day of action' against the Zeus-P2p and Cryptolocker families of malware. Law enforcement and industry partners will be collaborating to interrupt infrastructure vital to the malware's operation and to raise public awareness of these threats.
Read more
Subscribe to DNS